unbound.conf(5) access-control suggestions

Patrik Lundin
Wed Aug 5 20:14:26 CEST 2015


Following the recent man page modifications I was reminded of another
part of the manual that I am curious if it could be modified a bit. This
is the part about the access-control statement. I have two suggestions:

#1. Mention how the rules are evaluated. Is it first match wins, last
match wins, or most specific match wins? This is important when
configuring overlapping rules (because only a specific subset should
have allow_snoop for example). My testing points towards the
most-specific-match option.

#2. Mention what the behaviour is for clients that do not match a
configured ACL. While it is stated that the unconfigured default is
"allow localhost and refuse the rest", it is not explicitly stated what
happens to unmatched clients once an ACL is configured.
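
Added example, not part of the original post and not Unbound's code: the three candidate evaluation orders named in suggestion #1, applied to a constructed set of overlapping access-control netblocks, to show which clients would expose the difference in a test. The rule set, addresses and function names are assumptions made for illustration; an unmatched client returns None because that fallback is the open question in suggestion #2.

```python
import ipaddress

# Constructed rules, in the order they would appear in unbound.conf:
#   access-control: 10.0.0.0/8  allow
#   access-control: 10.1.2.3/32 refuse
#   access-control: 10.1.0.0/16 allow_snoop
RULES = [
    ("10.0.0.0/8", "allow"),
    ("10.1.2.3/32", "refuse"),
    ("10.1.0.0/16", "allow_snoop"),
]


def matching_rules(rules, client):
    """Return (network, action) for every rule covering client, in file order."""
    addr = ipaddress.ip_address(client)
    hits = []
    for netblock, action in rules:
        net = ipaddress.ip_network(netblock)
        # An IPv4 client never matches an IPv6 netblock and vice versa.
        if addr.version == net.version and addr in net:
            hits.append((net, action))
    return hits


def evaluate(rules, client):
    """Action chosen for client under each candidate evaluation order.

    None means no rule matched; what happens then is not modelled here.
    """
    hits = matching_rules(rules, client)
    if not hits:
        return {"first": None, "last": None, "most_specific": None}
    longest = max(hits, key=lambda hit: hit[0].prefixlen)
    return {
        "first": hits[0][1],          # first match wins
        "last": hits[-1][1],          # last match wins
        "most_specific": longest[1],  # longest prefix wins
    }


if __name__ == "__main__":
    # 10.1.2.3 gets a different answer under each order, so it is the
    # client to test with; 10.9.9.9 cannot tell the orders apart.
    for client in ("10.1.2.3", "10.1.9.9", "10.9.9.9", "192.0.2.1"):
        print(client, evaluate(RULES, client))
```

With most-specific-match, as the testing in the post suggests, the order of the statements in the file does not change the result, so only a client covered by all three netblocks distinguishes the three orders.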

