Maintained by: NLnet Labs

[Unbound-users] PTR's for private address space

Chris Smith
Fri Apr 1 16:30:41 CEST 2011


On Fri, Apr 1, 2011 at 10:16 AM, Chris Smith <fixie at chrissmith.org> wrote:
> If you're just using a /24 then changing this to something like:
> ================================
> forward-zone:
>  name: "1.168.192.in-addr.arpa."
>  forward-addr: <windows box>
> ================================
> and then:
> ================================
>  local-zone: 1.168.192.in-addr.arpa. transparent
> ================================
> will prevent Unbound from forwarding PTR queries outside of your
> subnet (in this example anything not in 192.168.1) to your Windows
> box.

This "in this example anything not in 192.168.1" should more correctly
read "in this example anything not in 192.168.1 but in 192.168".

This is also useful if you use Unbound as a resolver. It will prevent
such PTR queries from being leaked to the Internet and requiring an
answer from the ARIN servers.

Chris
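
The lookup order described in the message above, as an added example that is not part of the original post or of Unbound's code: a simplified Python model in which the most specific local-zone is consulted first, and only a "transparent" zone falls through to the forward-zone. The function names, the abbreviated list of default zones and the forwarder address 192.0.2.53 (standing in for <windows box>) are assumptions made for illustration.

```python
import ipaddress

# Simplified model (assumption): Unbound ships built-in local-zones for
# private reverse space that answer NXDOMAIN locally. Abbreviated list.
DEFAULT_STATIC = ["10.in-addr.arpa.", "168.192.in-addr.arpa."] + [
    f"{n}.172.in-addr.arpa." for n in range(16, 32)]

def ptr_name(ip):
    """Reverse-lookup name for an address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def closest(name, zones):
    """Most specific zone that contains name, or None."""
    hits = [z for z in zones if name == z or name.endswith("." + z)]
    return max(hits, key=len) if hits else None

def route_ptr(ip, local_zones, forward_zones):
    """Where a PTR query for ip ends up under the modelled config."""
    name = ptr_name(ip)
    lz = closest(name, local_zones)
    if lz is not None and local_zones[lz] == "static":
        return "answered locally (NXDOMAIN)"
    # No local-zone, or a transparent one with no local data: fall through.
    fz = closest(name, forward_zones)
    if fz is not None:
        return "forwarded to " + forward_zones[fz]
    return "recursed to the Internet"

def build_config(with_transparent=True):
    """Constructed sample config mirroring the two snippets in the message."""
    local_zones = {z: "static" for z in DEFAULT_STATIC}
    if with_transparent:
        local_zones["1.168.192.in-addr.arpa."] = "transparent"
    forward_zones = {"1.168.192.in-addr.arpa.": "192.0.2.53"}  # placeholder
    return local_zones, forward_zones

if __name__ == "__main__":
    lz, fz = build_config()
    for ip in ("192.168.1.10", "192.168.2.10", "10.1.2.3", "8.8.8.8"):
        print(ip, "->", route_ptr(ip, lz, fz))
    # Without the transparent override the built-in zone answers first.
    lz, fz = build_config(with_transparent=False)
    print("192.168.1.10 (no override) ->", route_ptr("192.168.1.10", lz, fz))
```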