Unbound, exceptions to local-zone rules for specific subdomains and main domain

I have a simple rule to point my domain.tld to a local address 192.168.0.205. It catches everything: all subdomains *.domain.tld as well as the main domain itself.

    local-zone: "domain.tld." redirect
    local-data: "domain.tld. IN A 192.168.0.205"

I have my load balancer at 192.168.0.205, so to make requests work internally I need to do this. However, my mail server is located outside this network, so I need to make three exceptions to this: smtp.domain.tld, imap.domain.tld and domain.tld itself. I'd prefer it if I could just let those slip through to the ISP's DNS, but if that is not possible I can live with having to set their global IPs in my config.

How can I do this? I've tried using transparent instead of redirect, but I cannot make it work the way I want. I think one of the main problems is handling the main domain without a subdomain prefix.


Solution 1:

Use this style (multi-level wildcard subdomains):

    local-zone: "sub.domain.tld."   redirect
    local-data: "sub.domain.tld.  IN  A  222.222.222.222"

    local-zone: "domain.tld."   redirect
    local-data: "domain.tld.  IN  A   111.111.111.111"

Solution 2:

This configuration worked for me using Unbound v1.9.0:

server:
    # Resolve smtp and imap subdomains normally
    local-zone: "smtp.domain.tld" transparent
    local-zone: "imap.domain.tld" transparent

    # Redirect domain.tld to a machine on the LAN
    local-zone: "domain.tld" redirect
    local-data: "domain.tld 3600 IN A 192.168.0.205"

Note that the order of these statements matters. Write your rules from most specific to least specific.
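To see why both answers work, here is an added example of my own, not code from Unbound and not from the question or either answer: a small Python model of how Unbound picks a local-zone for a query name. It parses local-zone and local-data lines in the unbound.conf form used above (Solution 1's nested redirect zones and Solution 2's transparent carve-outs both load into it) and shows, for a handful of names, whether a query is answered locally, gets NODATA, or goes upstream. It assumes Unbound's documented behaviour, stated in the docstring: the most specific (longest matching) zone enclosing the query name wins, a transparent zone with no matching data lets the query through, and a redirect zone answers every name beneath it from the data at the zone apex. The zone names and 192.168.0.205 are the ones from the answers; example.net and the record types queried are constructed for the demonstration.

```python
"""Model of Unbound's local-zone selection (added illustration, not Unbound
code and not from the question or answers above). Assumed behaviour: zones
are entered before data; the longest matching zone enclosing a query name
wins; transparent answers an exact local-data match, NODATA if the name has
only other types, else goes upstream; redirect answers every name beneath it
from the zone apex, NODATA when the apex lacks the queried type."""
import re
from dataclasses import dataclass, field

ZONE_RE = re.compile(r'^local-zone:\s*"?([^"\s]+)"?\s+(\w+)$')
DATA_RE = re.compile(r'^local-data:\s*"([^"]+)"$')


def labels(name):
    """DNS name -> tuple of case-folded labels; the trailing dot is optional."""
    return tuple(lab.lower() for lab in name.rstrip(".").split(".") if lab)


@dataclass
class LocalZone:
    name: str
    ztype: str                      # "redirect" or "transparent"
    data: dict = field(default_factory=dict)  # (owner labels, type) -> [rdata]


class LocalZones:
    def __init__(self):
        self.zones = {}             # zone labels -> LocalZone

    def add_zone(self, name, ztype):
        self.zones[labels(name)] = LocalZone(name, ztype.lower())

    def find_zone(self, qname):
        """Longest-suffix match: try the full name, then every shorter suffix."""
        labs = labels(qname)
        for i in range(len(labs) + 1):
            zone = self.zones.get(labs[i:])
            if zone is not None:
                return zone
        return None

    def add_data(self, owner, rtype, rdata):
        if self.find_zone(owner) is None:
            # local-data with no enclosing zone gets a transparent zone of its own
            self.add_zone(owner, "transparent")
        zone = self.find_zone(owner)
        zone.data.setdefault((labels(owner), rtype.upper()), []).append(rdata)

    def resolve(self, qname, qtype="A"):
        """Return ("local", [rdata]) | ("nodata", None) | ("upstream", None)."""
        zone = self.find_zone(qname)
        if zone is None:
            return ("upstream", None)
        # redirect answers from the zone apex, transparent from the exact name
        owner = labels(zone.name) if zone.ztype == "redirect" else labels(qname)
        rrset = zone.data.get((owner, qtype.upper()))
        if rrset:
            return ("local", rrset)
        if zone.ztype == "redirect" or any(o == owner for o, _ in zone.data):
            return ("nodata", None)
        return ("upstream", None)


def parse_config(text):
    """Load local-zone / local-data lines from an unbound.conf fragment."""
    zones, data = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and indentation
        if m := ZONE_RE.match(line):
            zones.append((m.group(1), m.group(2)))
        elif m := DATA_RE.match(line):
            fields = m.group(1).split()         # owner [ttl] [IN] type rdata
            owner, rest = fields[0], fields[1:]
            if rest[0].isdigit():               # optional TTL
                rest = rest[1:]
            if rest[0].upper() == "IN":         # optional class
                rest = rest[1:]
            data.append((owner, rest[0], " ".join(rest[1:])))
    lz = LocalZones()
    for name, ztype in zones:                   # all zones first, then data
        lz.add_zone(name, ztype)
    for owner, rtype, rdata in data:
        lz.add_data(owner, rtype, rdata)
    return lz


# Constructed sample input: the second answer's configuration
SAMPLE_CONF = """
server:
    local-zone: "smtp.domain.tld" transparent
    local-zone: "imap.domain.tld" transparent
    local-zone: "domain.tld" redirect
    local-data: "domain.tld 3600 IN A 192.168.0.205"
"""

QUERIES = [("domain.tld", "A"), ("www.domain.tld", "A"),
           ("smtp.domain.tld", "A"), ("imap.domain.tld", "A"),
           ("domain.tld", "MX"), ("domain.tld", "AAAA"), ("example.net", "A")]


def demo(conf=SAMPLE_CONF):
    """Resolve QUERIES against conf; returns {(name, type): (outcome, rdata)}."""
    lz = parse_config(conf)
    return {q: lz.resolve(*q) for q in QUERIES}
```

Two things the model makes visible that are easy to miss when testing only with a browser. First, the zone is chosen by longest match, so the model gives the same answers whether the transparent lines come before or after the redirect line; what matters is that smtp.domain.tld and imap.domain.tld are their own, more specific zones. Second, a redirect zone with only an A record at the apex answers NODATA, not the upstream record, for every other type under domain.tld: an internal client asking for MX domain.tld or AAAA domain.tld gets an empty answer. If anything inside the LAN needs those records, either add matching local-data at the apex or carve the name out with a transparent zone as the second answer does. On the real server, validate the file with unbound-checkconf, reload, then compare dig @127.0.0.1 smtp.domain.tld A against dig @127.0.0.1 domain.tld A; unbound-control list_local_zones and list_local_data show what Unbound actually loaded.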