There is a public domain registered by somebody on the Internet. Let's say "example.com".
I need my Unbound server to be partially authoritative for the zone "example.com" for my internal client servers.
I want Unbound to serve the following records to my internal client servers whenever they ask for them.
- test1.example.com. A 192.168.0.1
- test2.example.com. A 192.168.0.2
- test3.example.com. A 192.168.0.3
However, whenever a query arrives for a different record (let's say "www.example.com"), I want Unbound to do the normal DNS recursive resolving process on the Internet.
I want to do this via the auth-zone section because I already have the "example.com" zone on an Authoritative DNS server. I successfully perform a zone transfer and Unbound has those 3 records and provides answers for them. However, whenever I try to ask it for "www.example.com" it doesn't want to do the normal DNS recursive resolving process on the Internet and doesn't return an answer.
auth-zone:
    name: example.com
    master: <<My_Master>>
    allow-notify: <<My_Master>>
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
Unbound doesn't seem to comply with what its documentation says.
I tried all combinations of (fallback-enabled, for-downstream, for-upstream) and none of them work.
Any ideas?
OS: CentOS 7.6
Unbound version: 1.9.0