I want to configure unbound to lookup certain domain names with an alternative dns server, with forward-zone. The documentation I find have two syntaxes:
forward-zone:
name: "mynetwork.com."
forward-addr: 10.0.0.1
e.g. here or
forward-zone:
name: "mynetwork.com"
forward-addr: 10.0.0.1
i.e. name field without dot at the end, e.g. here. Both seems to work for me, but what's the difference between foo.tld vs foo.tld.?
Difference between foo.tld and foo.tld. is simple. When you put dot at the end of FQDN your resolver understand that is the absolute name for host or domain. Without dot it's relative name and your resolver could add it's domain to provided FQDN.
For example if you have configured resolver to search in domain local.home, request for foo.tld would be asked as foo.tld.local.home if no foo.tld was found.
In the specific context stated in the question, the name in a zone definition (forward-zone, local-zone, etc) in unbound.conf, I don't believe there can be any difference to how these variations are interpreted.
Ie, these two names are interpreted the same.
In some other contexts, a name lacking the trailing dot is considered relative. Here, however we are in a context where there exists no reference point for what the name would be relative to.
It may be a good idea to use the variation with the trailing dot simply for its completely unambiguous meaning to any human readers of the unbound configuration file.
Additionally, It may be nice in terms of consistency if that name is also referenced somewhere else where names can actually be relative and therefore has the trailing dot in that other place.
