On Fri, 9 Oct 2009, Isaac González wrote:
We are currently running unbound in a anycasting scenario and works great.
I've found some problems catching domains without NS A records at nameservers
(some servers does not provide A records for nameservers) , I've found a
workaround adding a local-data in the configuration but if the provider change
the nameserver ip address it will fail. Do you know an alternative workaround
or some configuration parameter to solve this problem?
PD. For example: http://thednsreport.com/?domain=sanvic.es
My workaround:
local-zone: "actualcat.com."
transparent
local-data: "ns1.actualcat.com A
213.192.239.111"
local-data: "ns2.actualcat.com A 213.192.239.112"
The problem here is that there are glue records for ns[12].actualcat.com
pointing
to 213.192.239.112 and 213.192.239.111. However, when you ask those servers for
the A record of ns[12].actualcat.com you get an NXDOMAIN.
Since the NXDOMAIN is in the authority section is "outweighs" the previous
glue records that were in the additional section and the hints are dropped.
So even with harden-referral-path: no, it will end up failing.
The owner of the zone actualcat.com will need to fix their zone.
Paul
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
