Unbound in 25.7.1 sends PTR of internal networks to external DNS

[Siggi]

Hi,

Unbound in my installations sends PTR records of my internal LAN network to the configured query forwarding servers. I have also access to this forwarding servers and can see that the PTR records coming to them and are blocked.
This should be disabled by default but it's not.
While there are config options in Unbound to disable this behavior I was not able to set them in the config files as they are overwritten after every restart of Unbound.
I can't find an option in the GUI to disable this. DNSmasq has such option available in the GUI.
Please lmk what I can do here.

Thanks.

[Patrick M. Hausen]

You mean it is sending requests for PTR records, right?

[Siggi]

yes, correct

[Patrick M. Hausen]

That's what is supposed to do - anything that it cannot answer locally is sent to either the upstream DNS server (if configured) or recursively resolved from the root down.

Do a "dig/drill -x 192.168.42.42" and the request will go out to the Internet. And you will get NXDOMAIN back. All fine.

[Siggi]

Thanks for your answer. To be more precise: I can see requests for PTR records in the configured upstream DNS servers for my internal network that Unbound can answer itself. If I query Unbound for an existing PTR for my internal network it answers correctly, however I can see these queries in the upstream DNS servers as well.
I think that PTR requests for local networks should not be send to the upstream servers, should they?

[Patrick M. Hausen]

If it can indeed answer them, it should. In the default configuration it will forward everything it does not know transparently, even if it is in a local domain or network.

You can change that by setting "Local Zone Type" to e.g. "static" instead of "transparent".

HTH,
Patrick

[Siggi]

will try that. Thank you for your help.