[Unbound-users] Resolve only few zones

Alexander Chekalin achekalin at lazurit.com
Fri Feb 3 13:45:18 UTC 2012


Thank you! You're brilliant!

Adding

local-zone: "serve-this.com" transparent

solved my problem!

Thank you again,
yours,
Alexander



03.02.2012 16:35, W.C.A. Wijngaards пишет:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Alexander,
>
> On 02/03/2012 01:57 PM, Alexander Chekalin wrote:
>> Hello,
>>
>> I deal with a really fuzzy problem. For some reasons we decided to
>> create resolver host that will only resolves soveral domains and replay
>> with 'nodata' to any other requests. Ok, I've set up the machine, and
>> set up unbound on it, then put some stub-zone's into config - works
>> great. Now what I need is how to stop unbound to answer for all other
>> requests?
> That is a weird configuration to decide on.
>
>> If I put
>>
>> local-zone: "." static
>>
>> in the config, no requests are answered at all, if I put it by the end
>> of config (so stub-zones will be parsed first) I got a configuration error.
> Because it must be in the server: clause, you could make a new server:
> clause at the end of the file, but actually, the order of statements
> does not have an effect here.
>
>> If there any way to do what I need?
> Put
>
> local-zone: "serve-this.com" transparent
>
> statements to punch holes in the "." static where resolution will
> proceed normally.  For all of the domains where you also have
> stub-zones.  Unbound picks the most specific local-zone and applies its
> policy to the query, so you can nest local-zone definitions inside other
> local-zones.  (it also takes the most specific access-control
> statements, stubs and forwards, by the way).
>
> Best regards,
>     Wouter
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.15 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJPK+KvAAoJEJ9vHC1+BF+NRVkP/2v+hXd3sgXSgnI3nf+trTZW
> DlnBcqKzAHoS+dGm0YTNEm6zq4D4T/NmN3ajqAri3lEMhDVt3GOLaMsYOtEUNZyq
> 2xJrFfVDw95O3UAi1WUInL757J9/e1qIP0cevqM6OLHcSWmzFBR/GUcnoxZrz0/N
> e6CJM2jXQtgy4VHG4MXa4iSJ3QkspS35vzeh4mUiNfqwykTFZGXcJZ3CsM1G2lG+
> ApIEXsUVmt7a94HNylrioOwRjQ7u5SwLR2ZGbEKyhk0GTaVXhkWeGPuGUf6C/hoh
> hW3KIBgNA5yTGnATRki2a/e0VAQScwEMIySpzWIhXAm+GxW/s+L4xndF4yqveUzu
> OW+/IZFhUgFlZcHQGxuWbbqT0qq6uDxa69N9kafmXSTnpWM7rAMGxenXShqpqzVd
> FWwvr8btQrCiXbzk1pUsJtesbw6ZnywqcJn45c++onz70XFzX4+v87FPeueVryqf
> IORGPakFiFZQc36NFJTD0m+axdwUz5lVwuW/ldV8uqmQSNr/34yb17n85tZMAA81
> UssKajRdwqtZOoaJTPKWtEwpqx5cfJXjejmJPYLo06nh4/bDb02s5a0Qg1a60z4W
> N1pY41eTOxHhHZdRtpsfaI3bowCAUTBRKUN1Lra0SSrbX6C6w3a8+Fez6U+NKeRG
> 0/ydlKzKVXjZowA1VHUL
> =OTZM
> -----END PGP SIGNATURE-----
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users




More information about the Unbound-users mailing list