Thank you Ralph. I will check and get back to you.

*Thanks & Regards,
Yogesh Sharma*

On Wed, Jan 23, 2019 at 3:40 PM Ralph Dolmans via Unbound-users <[email protected]> wrote:

> Hi Yogesh,
>
> On 23-01-19 06:15, Yogesh Sharma via Unbound-users wrote:
> > I am able to test 2nd scenario and all resolution will be done by dns
> > server as mentioned in name: "." (dot). Can someone please guide how can we
> > route few zones to specific dns server and rest all to google dns.
>
> The most specific match will be used. So in your example all queries
> except example.com, example.org and its subdomains will go to the "."
> forward-zone.
>
> > However, first one is still a problem, when I am using
> >
> > forward-zone:
> >     name: "."
> >     forward-addr: 127.0.0.1@5353
> >
> > it appends search string from resolv.conf.
> >
> > Eg: if search string is internal.localhost then All example.com
> > name is changing to example.com.internal.localhost.
>
> This is done by the client querying Unbound. Unbound itself does not use
> your resolv.conf.
>
> > if I put example.com. (dot at the end) then it
> > returns server fail.
>
> Check your Unbound logs to see why it is a SERVFAIL. My first guess is
> that this is because your zone does not DNSSEC validate. In that case
> you might want to have a look at the domain-insecure configuration option.
>
> -- Ralph
>
> > /Thanks & Regards,
> >
> > Yogesh Sharma
> > /
> >
> > On Wed, Jan 23, 2019 at 9:48 AM Yogesh Sharma <[email protected]> wrote:
> >
> >     Hi,
> >
> >     Any suggestion.
> >
> >     /Thanks & Regards,
> >
> >     Yogesh Sharma | [email protected] |
> >     LinkedIn <http://linkedin.com/in/yks0000> | Portal
> >     <https://yogeshsharma.me/>
> >     /
> >
> >     On Tue, Jan 22, 2019 at 11:44 PM Yogesh Sharma <[email protected]> wrote:
> >
> >         Hi Team,
> >
> >         I am new to Unbound and need some help.
> >
> >         I need to forward all of request to local dnsmasq running on
> >         127.0.0.1@5353.
> >
> >         Once I do that, I see all lookups are suffixed with search string
> >         as present in /etc/resolv.conf and return server fail. If I do
> >         resolve by explicitly putting "." (dot) at the end, even though
> >         I get server fail.
> >
> >         Version: 1.6.6
> >
> >         Config:
> >
> >         server:
> >             verbosity: 1
> >             username: root
> >             interface: 127.0.0.1
> >             port: 53
> >             chroot: ""
> >             do-ip4: yes
> >             do-udp: yes
> >             do-tcp: yes
> >             hide-identity: yes
> >             hide-version: yes
> >             msg-cache-size: 50m
> >             msg-cache-slabs: 4
> >             rrset-cache-size: 100m
> >             rrset-cache-slabs: 4
> >             cache-min-ttl: 300
> >             cache-max-negative-ttl: 300
> >             access-control: 0.0.0.0/0 allow
> >             logfile: "/var/log/unbound/unbound.log"
> >             log-identity: root
> >             log-queries: yes
> >             log-replies: yes
> >             pidfile: "/var/log/unbound/unbound.pid"
> >             prefetch: yes
> >
> >         forward-zone:
> >             name: "."
> >             forward-addr: 127.0.0.1@5353
> >
> >         2nd Question:
> >
> >         considering below forward-zone configuration, will all of name
> >         lookup will be forwarded to open dns servers
> >         (208.67.222.222/208.67.220.220) or it will send only
> >         those name server which are not part of example.com
> >         and example.org
> >
> >         forward-zone:
> >             name: "."
> >             forward-addr: 208.67.222.222
> >             forward-addr: 208.67.220.220
> >
> >         forward-zone:
> >             name: "example.com"
> >             forward-addr: 8.8.8.8
> >
> >         forward-zone:
> >             name: "example.org"
> >             forward-addr: 8.8.4.4
> >
> >         Thanks for help.
> >
> >         /Thanks & Regards,
> >
> >         Yogesh Sharma
> >         /
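
The two behaviours Ralph describes in the thread above, as an added example that is not part of the original messages and is not Unbound's code: a simplified model of how a glibc-style stub resolver applies the resolv.conf search list, and selection of the most specific forward-zone. The zones are copied from the quoted configuration; the function names and the ndots default of 1 are assumptions made for the illustration.

```python
# Added illustration; a model of the behaviour, not Unbound or glibc source.
# Forward zones copied from the configuration quoted in the thread.
FORWARD_ZONES = {
    ".": ["208.67.222.222", "208.67.220.220"],
    "example.com": ["8.8.8.8"],
    "example.org": ["8.8.4.4"],
}

def labels(name):
    """Split a DNS name into lower-case labels, ignoring the trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def select_forward_zone(qname, zones=FORWARD_ZONES):
    """Return (zone, addrs) for the most specific zone enclosing qname."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        # A zone matches only when its labels are a whole-label suffix of
        # qname, so "notexample.com" is not inside "example.com".
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return (best, zones[best]) if best is not None else (None, [])

def stub_candidates(name, search, ndots=1):
    """Names the client's stub resolver tries, in order (simplified model)."""
    if name.endswith("."):
        return [name]  # absolute name: the search list is not applied
    expanded = [f"{name}.{suffix}." for suffix in search]
    absolute = name + "."
    # With at least ndots dots the name is tried as-is first, then the
    # search suffixes are tried when that lookup fails.
    if name.count(".") >= ndots:
        return [absolute] + expanded
    return expanded + [absolute]

if __name__ == "__main__":
    # Constructed sample: the search suffix mentioned in the thread.
    for candidate in stub_candidates("example.com", ["internal.localhost"]):
        print(candidate, "->", select_forward_zone(candidate))
```

A search-suffixed name such as example.com.internal.localhost is no longer inside example.com, so it is sent to the "." forward-zone rather than to the zone-specific forwarder.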
