Maintained by: NLnet Labs

[Unbound-users] Captive portal question

Tim Kindberg
Fri Apr 23 08:25:43 CEST 2010

Dear Unbound users,

I'm using unbound to build a somewhat unusual type of captive portal.
It's a Linux box that acts as a restricted WiFi access point to a group
of clients, and which has an outbound connection to the internet and
knows DNS servers to use out there.

The portal lets users freely access one particular site on the internet;
it forces accesses to another specific site back to itself; and it makes
everything else go to a third specific site on the internet.  In other
words, it behaves as follows:

1. traffic to is to be resolved normally, i.e. ultimately
by the DNS server on the internet that the captive portal machine knows
2. traffic to is to be resolved to (the captive
portal machine)
3. everything else is to resolve to, a machine out on the

I've added the following to my conf file.  1 & 2 work fine but 3 doesn't
work.  I'd be grateful for advice about what I'm doing wrong.

local-zone: "." redirect
local-zone "" transparent
local-zone "" static
local-zone "" transparent
local-data: ". IN CNAME"
local-data: " IN A"

dig gives:
; <<>> DiG 9.4.3-P3 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7088
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;            IN    A

;; Query time: 1 msec

BTW, I now see that the documentation specifically says the CNAME local 
data won't work, and advises me to use a stub zone.  But when I look at 
the documentation for that, none of it seems to relate to what I'm 
trying to achieve, i.e. the * -> mapping, except for the 
exceptions identified above.




Tim Kindberg
Matter 2 Media Ltd
e: tim at
m: +44 (0)7954 582814
t: +44 (0)117 9095221