Maintained by: NLnet Labs

[Unbound-users] Unbound + NSD

Stuart Henderson
Thu Aug 7 10:50:47 CEST 2014


On 2014-08-05, JC PAROLA <contact at sels-ingenierie.com> wrote:
> I configured NSD as an authoritative name server. It works fine.
>
> I configured unbound on the same server and use the "stub-zone" directive
> to query the name server.
>
> How do I configure unbound to allow ALL IPs to query all zones in the name server
> NSD (like an authoritative name server) but limit recursion (e.g. a query for A
> for google.fr) to a subnet only?
>
> I tried to configure "access-control" but with no result.
>
> Could you help me?

It seems like you are trying to use unbound to provide access to
authoritative DNS as well as a DNS resolver on the same IP address.

This won't work because the AA flag won't be set correctly.
(For proof that this is a problem, see the analysis of Microsoft's
recent attempt at "cleaning" the no-ip DNS zones.)

What you *could* do is run a separate nsd on a different port,
and use firewall rules to redirect external addresses to it.
Otherwise use separate IP addresses for nsd and unbound.
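
The separate-address layout from the reply above, sketched as an added example that is not part of the original post. The addresses, the subnet and the zone name are constructed placeholders (documentation ranges), and the zone file name is an assumption.

```conf
# ---- nsd.conf: authoritative only, answers everyone ----
server:
    # Public address that the zone's NS records point at (placeholder).
    ip-address: 192.0.2.53

zone:
    name: "example.org"
    zonefile: "example.org.zone"

# ---- unbound.conf: recursion only, answers one subnet ----
server:
    # A different address on the same host, so the two daemons
    # never compete for port 53 on one IP (placeholder).
    interface: 192.0.2.54

    # unbound applies the most specific matching netblock,
    # so the order of these lines does not matter.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 198.51.100.0/24 allow   # the subnet allowed to recurse

# Optional: let resolver clients reach the local zone through nsd
# directly instead of following the public delegation.
stub-zone:
    name: "example.org"
    stub-addr: 192.0.2.53
```

With this split, answers from 192.0.2.53 carry the AA flag because they come from nsd itself, while 192.0.2.54 refuses queries from addresses outside the allowed subnet.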