Maintained by: NLnet Labs

[Unbound-users] Public stub zone

Pieter Ennes
Fri Oct 18 15:14:58 CEST 2013


Hi Yuri,

On 18/10/13 13:22, Yuri Schaeffer wrote:
> Hi Pieter,
> 
> So if I read your question correctly you have
> - An authority server which has no delegation towards it.
> - your zone's NS records point to your unbound instance

Both correct...


>> However, I cannot find a way to expose *just* my stub-zone to the world,
>> without allowing global recursion at the same time.
> 
> I just tried the following:
> 
> server:
> 	...
> 	local-zone: . refuse
> 	local-zone: unbound.net transparent
> 	...
> 
> forward-zone:
>  	name: "unbound.net"
>  	forward-addr: 213.154.224.48
>  	forward-addr: 213.154.224.1
> 
> This would refuse any query not in the unbound.net zone. Does this work
> for you?

That works just wonderfully; I had a feeling it could be done somehow...

Thanks!

- Pieter