Greetings, After configuring private-address (and private-domain) entries I was hoping that unbound would simply strip the private IP addresses from responses. However in my testing (unbound 1.4.8 and previous versions) I'm seeing that the queries will SERVFAIL, also for domains whose NS records point to a name that resolves to a private address, for example: private-address: 192.168.0.0/16 private-address: 127.0.0.1/8 $ dig smithfield.com @unbound ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22290 ;; QUESTION SECTION: ;smithfield.com. IN A ;; Query time: 904 msec $ dig @ns2.ndshq.com. smithfield.com ;; ANSWER SECTION: smithfield.com. 38400 IN A 72.3.245.136 ;; AUTHORITY SECTION: smithfield.com. 38400 IN NS ns1.ndshq.com. smithfield.com. 38400 IN NS ns2.ndshq.com. smithfield.com. 38400 IN NS ns0.ndshq.com. ;; ADDITIONAL SECTION: ns0.ndshq.com. 38400 IN A 192.168.6.11 ns1.ndshq.com. 38400 IN A 65.173.99.98 ns2.ndshq.com. 38400 IN A 173.50.95.13 $ dig mailfrom.com @unbound ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46581 ;; QUESTION SECTION: ;mailfrom.com. IN A ;; Query time: 2442 msec $ dig mailfrom.com @ns1.sedoparking.com. ;; ANSWER SECTION: mailfrom.com. 86400 IN A 127.0.0.1 I'm wondering if this is expected behaviour? Should I be seeing SERVFAIL (note long query time) or NOERROR/NODATA with private data stripped? Thanks very much :-) -- Jakub Heichman -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20110127/1fee5d35/attachment.html>