Maintained by: NLnet Labs

Configuration issue

Aggelos Kanarelis
Tue Nov 28 14:43:06 CET 2017


Thank you Wouter

That was exactly what I needed and also thank you for the explanation since it cleared a couple of things for me.

Aggelos Kanarelis
Systems Engineer

Arts Alliance Media Ltd
T:  +44 (0)20 7751 7525 / M: +44 (0) 7809427708
Aggelos.kanarelis at artsalliancemedia.com<mailto:Aggelos.kanarelis at artsalliancemedia.com>
www.artsalliancemedia.com<http://www.artsalliancemedia.com/>

Landmark House
Hammersmith Bridge Road
London W6 9EJ

Follow us on  Twitter<https://twitter.com/ArtsAllianceM/> / Facebook<http://www.facebook.com/pages/Arts-Alliance-Media/115700988468309> / LinkedIn<https://www.linkedin.com/company/arts-alliance-media>

From: W.C.A. Wijngaards [mailto:wouter at nlnetlabs.nl]
Sent: 28 November 2017 13:11
To: Aggelos Kanarelis <Aggelos.Kanarelis at artsalliancemedia.com>
Cc: unbound-users at unbound.net
Subject: Re: Configuration issue

Hi Aggelos,

And also add local-zones name transparent for your names for which you
also have the forward-zones. Those local-zones with the local zone type
transparent make holes in the refuse policy for '.', and unbound uses
the most specific local-zone, so unbound then allows the names that are
transparent, but then denies all the other names.

Best regards, Wouter

On 28/11/17 11:31, Aggelos Kanarelis wrote:
> Hi Wouter
>
>
>
> So just to summarize.
>
>
>
> A local zone with "." refuse
>
>
>
> Then my existing forward zones?
>
>
>
> Thanks
>
>
>
> Aggelos Kanarelis
>
> Systems Engineer
>
>
>
> *Arts Alliance Media Ltd*
>
> T:  +44 (0)20 7751 7525 / M: +44 (0)7809427708
>
> Aggelos.kanarelis at artsalliancemedia.com<mailto:Aggelos.kanarelis at artsalliancemedia.com>
> <mailto:Aggelos.kanarelis at artsalliancemedia.com>____
>
> www.artsalliancemedia.com<http://www.artsalliancemedia.com> <http://www.artsalliancemedia.com/<http://www.artsalliancemedia.com/>>
>
>
>
> Landmark House
> Hammersmith Bridge Road
> London W6 9EJ__
>
>
>
> Follow us on  Twitter <https://twitter.com/ArtsAllianceM/<https://twitter.com/ArtsAllianceM/>>/ Facebook
> <http://www.facebook.com/pages/Arts-Alliance-Media/115700988468309<http://www.facebook.com/pages/Arts-Alliance-Media/115700988468309>>/
> LinkedIn <https://www.linkedin.com/company/arts-alliance-media<https://www.linkedin.com/company/arts-alliance-media>>
>
>
>
> *From:*W.C.A. Wijngaards [mailto:wouter at nlnetlabs.nl]
> *Sent:* 28 November 2017 08:15
> *To:* Aggelos Kanarelis <Aggelos.Kanarelis at artsalliancemedia.com<mailto:Aggelos.Kanarelis at artsalliancemedia.com>>
> *Subject:* Re: Configuration issue
>
>
>
> Hi Aggelos,
>
> With that I mean you could have the defaults after the local-zone
> statements that act to filter the inputs. And then unbound performs
> regular recursive DNS server lookups.
>
> But you could also include the forward-zone: text from config that you
> have already, and configure the lookups to be performed at particular
> upstream servers.
>
> So I meant the pieces of text starting with forward-zone:
>
> Best regards, Wouter
>
> On 27/11/17 17:28, Aggelos Kanarelis wrote:
>> Thanks Wouter
>>
>>
>>
>> I am a little green so what do you mean by forward clauses? How would I
>> add those?
>>
>>
>>
>> Thanks
>>
>>
>>
>> Aggelos Kanarelis
>>
>> Systems Engineer
>>
>>
>>
>> *Arts Alliance Media Ltd*
>>
>> T:  +44 (0)20 7751 7525 / M: +44 (0)7809427708
>>
>> Aggelos.kanarelis at artsalliancemedia.com<mailto:Aggelos.kanarelis at artsalliancemedia.com>
> <mailto:Aggelos.kanarelis at artsalliancemedia.com>
>> <mailto:Aggelos.kanarelis at artsalliancemedia.com>____
>>
>> www.artsalliancemedia.com<http://www.artsalliancemedia.com> <http://www.artsalliancemedia.com<http://www.artsalliancemedia.com>>
> <http://www.artsalliancemedia.com/<http://www.artsalliancemedia.com/>>
>>
>>
>>
>> Landmark House
>> Hammersmith Bridge Road
>> London W6 9EJ__
>>
>>
>>
>> Follow us on  Twitter <https://twitter.com/ArtsAllianceM/<https://twitter.com/ArtsAllianceM/>>/ Facebook
>> <http://www.facebook.com/pages/Arts-Alliance-Media/115700988468309<http://www.facebook.com/pages/Arts-Alliance-Media/115700988468309>>/
>> LinkedIn <https://www.linkedin.com/company/arts-alliance-media<https://www.linkedin.com/company/arts-alliance-media>>
>>
>>
>>
>> *From:*Unbound-users [mailto:unbound-users-bounces at unbound.net] *On
>> Behalf Of *W.C.A. Wijngaards via Unbound-users
>> *Sent:* 27 November 2017 16:09
>> *To:* unbound-users at unbound.net<mailto:unbound-users at unbound.net> <mailto:unbound-users at unbound.net>
>> *Subject:* Re: Configuration issue
>>
>>
>>
>> Hi,
>>
>> The order does not matter for local-zone, local-data, forward and stub
>> clauses. Unbound picks the closest one. First the local-zone and
>> local-data statements are processed. Then the cache of forward and stub
>> data. Then the lookup vi forward and stub data.
>>
>> You could create a local-zone: "." refuse and local-zone: "example.com<http://example.com>
> <http://example.com<http://example.com>>
>> <http://example.com<http://example.com>>"
>> transparent for all of the names you want resolved. If you want those
>> names forwarded somewhere, you can then also include forward clauses for
>> those names. The other names are rejected.
>>
>> Best regards, Wouter
>>
>> On 27/11/17 15:09, Sonic via Unbound-users wrote:
>>> Maybe post the unbound.conf file (no comment lines please).
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20171128/b7d096a1/attachment-0001.html>