Maintained by: NLnet Labs

[Unbound-users] Public stub zone

Yuri Schaeffer
Fri Oct 18 14:22:56 CEST 2013


Hi Pieter,

So if I read your question correctly you have
- An authority server which has no delegation towards it.
- your zone's NS records point to your unbound instance

> However, I cannot find a way to expose *just* my stub-zone to the world,
> without allowing global recursion at the same time.

I just tried the following:

server:
	...
	local-zone: . refuse
	local-zone: unbound.net transparent
	...

forward-zone:
 	name: "unbound.net"
 	forward-addr: 213.154.224.48
 	forward-addr: 213.154.224.1

This would refuse any query not in the unbound.net zone. Does this work
for you?

Regards,
Yuri Schaeffer

-- 
Composed on an actual keyboard: all typos genuine.