Maintained by: NLnet Labs

[Unbound-users] Resolve only few zones

W.C.A. Wijngaards
Fri Feb 3 14:35:43 CET 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Alexander,

On 02/03/2012 01:57 PM, Alexander Chekalin wrote:
> Hello,
> 
> I deal with a really fuzzy problem. For some reasons we decided to
> create resolver host that will only resolves soveral domains and replay
> with 'nodata' to any other requests. Ok, I've set up the machine, and
> set up unbound on it, then put some stub-zone's into config - works
> great. Now what I need is how to stop unbound to answer for all other
> requests?

That is a weird configuration to decide on.

> If I put
> 
> local-zone: "." static
> 
> in the config, no requests are answered at all, if I put it by the end
> of config (so stub-zones will be parsed first) I got a configuration error.

Because it must be in the server: clause, you could make a new server:
clause at the end of the file, but actually, the order of statements
does not have an effect here.

> If there any way to do what I need?

Put

local-zone: "serve-this.com" transparent

statements to punch holes in the "." static where resolution will
proceed normally.  For all of the domains where you also have
stub-zones.  Unbound picks the most specific local-zone and applies its
policy to the query, so you can nest local-zone definitions inside other
local-zones.  (it also takes the most specific access-control
statements, stubs and forwards, by the way).

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPK+KvAAoJEJ9vHC1+BF+NRVkP/2v+hXd3sgXSgnI3nf+trTZW
DlnBcqKzAHoS+dGm0YTNEm6zq4D4T/NmN3ajqAri3lEMhDVt3GOLaMsYOtEUNZyq
2xJrFfVDw95O3UAi1WUInL757J9/e1qIP0cevqM6OLHcSWmzFBR/GUcnoxZrz0/N
e6CJM2jXQtgy4VHG4MXa4iSJ3QkspS35vzeh4mUiNfqwykTFZGXcJZ3CsM1G2lG+
ApIEXsUVmt7a94HNylrioOwRjQ7u5SwLR2ZGbEKyhk0GTaVXhkWeGPuGUf6C/hoh
hW3KIBgNA5yTGnATRki2a/e0VAQScwEMIySpzWIhXAm+GxW/s+L4xndF4yqveUzu
OW+/IZFhUgFlZcHQGxuWbbqT0qq6uDxa69N9kafmXSTnpWM7rAMGxenXShqpqzVd
FWwvr8btQrCiXbzk1pUsJtesbw6ZnywqcJn45c++onz70XFzX4+v87FPeueVryqf
IORGPakFiFZQc36NFJTD0m+axdwUz5lVwuW/ldV8uqmQSNr/34yb17n85tZMAA81
UssKajRdwqtZOoaJTPKWtEwpqx5cfJXjejmJPYLo06nh4/bDb02s5a0Qg1a60z4W
N1pY41eTOxHhHZdRtpsfaI3bowCAUTBRKUN1Lra0SSrbX6C6w3a8+Fez6U+NKeRG
0/ydlKzKVXjZowA1VHUL
=OTZM
-----END PGP SIGNATURE-----