prevent unbound from attempting to contact root servers?

2016-11-16 Thread James Ralston via Unbound-users
I'm attempting to configure unbound to act as a local caching resolver. I just want unbound to blindly forward all queries to our local recursive resolvers. That's it. This has been somewhat challenging, because unbound's defaults are clearly not optimized for this use case. First, I turned off

Re: prevent unbound from attempting to contact root servers?

2016-11-16 Thread Eduardo Schoedler via Unbound-users
https://tools.ietf.org/html/rfc7706#appendix-B.2 2016-11-16 18:21 GMT-02:00 James Ralston via Unbound-users : > I'm attempting to configure unbound to act as a local caching > resolver. I just want unbound to blindly forward all queries to our > local recursive resolvers. That's it. > > This h

Re: prevent unbound from attempting to contact root servers?

2016-11-16 Thread James Ralston via Unbound-users
On Wed, Nov 16, 2016 at 3:57 PM, Eduardo Schoedler wrote: > https://tools.ietf.org/html/rfc7706#appendix-B.2 Thanks, but the examples in RFC7706 are addressing setting up a completely self-contained nameserver that performs its own recursive resolution. I have the exact opposite situation: I wan

Re: prevent unbound from attempting to contact root servers?

2016-11-17 Thread Tony Finch via Unbound-users
James Ralston via Unbound-users wrote: > > Any other ideas? Point the root-hints at a file containing your local server addresses? That might also not work properly since once Unbound has used the hints to get the current root server addresses, it'll probably try to refresh directly from the rea

Re: prevent unbound from attempting to contact root servers?

2016-11-17 Thread Sonic via Unbound-users
On Wed, Nov 16, 2016 at 3:21 PM, James Ralston via Unbound-users wrote: > module-config: "iterator" On the systems where I'm using just 'module-config: "iterator"' there is no root.hints or named.cache file and no attempt is made by unbound to contact the root servers.

Re: prevent unbound from attempting to contact root servers?

2016-11-17 Thread A. Schulze via Unbound-users
Sonic via Unbound-users: On Wed, Nov 16, 2016 at 3:21 PM, James Ralston via Unbound-users wrote: module-config: "iterator" On the systems where I'm using just 'module-config: "iterator"' there is no root.hints or named.cache file and no attempt is made by unbound to contact the root servers

Re: prevent unbound from attempting to contact root servers?

2016-11-17 Thread Daisuke HIGASHI via Unbound-users
> I just want unbound to blindly forward all queries to our > local recursive resolvers. That's it. I believe that Unbound is too intelligent to be dumb DNS forwarder, and concluded that we should use a caching-forwarder-only software (dnsmasq for example) if we want a such thing. My favorit

Re: prevent unbound from attempting to contact root servers?

2016-11-17 Thread Daisuke HIGASHI via Unbound-users
2016-11-18 1:40 GMT+09:00 Daisuke HIGASHI : > -- dnsdist.conf > newServer({address="8.8.8.8", pool="dns"}) > pc = newPacketCache(10) > getPool("dns"):setCache(pc) > addAction(AllRule(), PoolAction("dns")) Oops. For this use case, periodical health checking for downstream server (enabled by de

Re: prevent unbound from attempting to contact root servers?

2016-11-21 Thread W.C.A. Wijngaards via Unbound-users
Hi James On 16/11/16 23:10, James Ralston via Unbound-users wrote: > On Wed, Nov 16, 2016 at 3:57 PM, Eduardo Schoedler wrote: >> https://tools.ietf.org/html/rfc7706#appendix-B.2 > > Thanks, but the examples in RFC7706 are addressing setting up a > completely self-contained nameserver that perfo