
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:#0563C1;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:#954F72;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-compose;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-family:"Calibri",sans-serif;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1029" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="#0563C1" vlink="#954F72">

<div class="WordSection1">

<p class="MsoNormal">Hello<o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal">Using the setup below, how to configure unbound for strict security or not.<o:p></o:p></p>

<p class="MsoNormal">Config 1: strict security, do not allow “unsecure and unsigned” resolves to the downstream client ?<o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal">Config 2: less secure, allow resolves that are not signed to the downstream client ?<o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal">The resolv.conf will contain the “nameserver IP address” for the local host. This is the IP address that unbound daemon uses to monitor DNS client quires.<o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">

<v:stroke joinstyle="miter" />

<v:formulas>

<v:f eqn="if lineDrawn pixelLineWidth 0" />

<v:f eqn="sum @0 1 0" />

<v:f eqn="sum 0 0 @1" />

<v:f eqn="prod @2 1 2" />

<v:f eqn="prod @3 21600 pixelWidth" />

<v:f eqn="prod @3 21600 pixelHeight" />

<v:f eqn="sum @0 0 1" />

<v:f eqn="prod @6 1 2" />

<v:f eqn="prod @7 21600 pixelWidth" />

<v:f eqn="sum @8 21600 0" />

<v:f eqn="prod @7 21600 pixelHeight" />

<v:f eqn="sum @10 21600 0" />

</v:formulas>

<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect" />

<o:lock v:ext="edit" aspectratio="t" />

</v:shapetype><v:shape id="_x0000_s1028" type="#_x0000_t75" alt="strongswan
curl plugin
gethostbyname()
" style='position:absolute;margin-left:0;margin-top:-.05pt;width:138.75pt;height:68.25pt;z-index:251659264;visibility:visible;mso-width-percent:0;mso-height-percent:0;mso-wrap-distance-left:9pt;mso-wrap-distance-top:0;mso-wrap-distance-right:9pt;mso-wrap-distance-bottom:0;mso-position-horizontal:absolute;mso-position-horizontal-relative:margin;mso-position-vertical:absolute;mso-position-vertical-relative:text;mso-width-percent:0;mso-height-percent:0;mso-width-relative:margin;mso-height-relative:margin'>

<v:imagedata src="cid:image002.emz@01D66685.4F802510" o:title="" />

<w:wrap anchorx="margin"/>

</v:shape><v:shape id="_x0000_s1027" type="#_x0000_t75" alt="unbound daemon
resolv.conf
nameserver  127.0.0.1
" style='position:absolute;margin-left:164.6pt;margin-top:.4pt;width:165pt;height:69.75pt;z-index:251660288;visibility:visible;mso-width-percent:0;mso-height-percent:0;mso-wrap-distance-left:9pt;mso-wrap-distance-top:0;mso-wrap-distance-right:9pt;mso-wrap-distance-bottom:0;mso-position-horizontal:absolute;mso-position-horizontal-relative:text;mso-position-vertical:absolute;mso-position-vertical-relative:text;mso-width-percent:0;mso-height-percent:0;mso-width-relative:margin;mso-height-relative:margin'>

<v:imagedata src="cid:image003.emz@01D66685.4F802510" o:title="" />

</v:shape><v:shape id="Straight_x0020_Arrow_x0020_Connector_x0020_218" o:spid="_x0000_s1026" type="#_x0000_t75" style='position:absolute;margin-left:141.05pt;margin-top:45.65pt;width:24.75pt;height:9.75pt;z-index:251661312;visibility:visible;mso-width-percent:0;mso-height-percent:0;mso-wrap-distance-left:9pt;mso-wrap-distance-top:0;mso-wrap-distance-right:9pt;mso-wrap-distance-bottom:0;mso-position-horizontal:absolute;mso-position-horizontal-relative:text;mso-position-vertical:absolute;mso-position-vertical-relative:text;mso-width-percent:0;mso-height-percent:0;mso-width-relative:margin;mso-height-relative:margin'>

<v:imagedata src="cid:image004.png@01D66685.4F802510" o:title="" />

<o:lock v:ext="edit" aspectratio="f" />

</v:shape><![endif]--><![if !vml]><span style="mso-ignore:vglayout">

<table cellpadding="0" cellspacing="0" align="left">

<tbody>

<tr>

<td width="8" height="56"></td>

<td width="231"></td>

<td width="4"></td>

<td width="314"></td>

</tr>

<tr>

<td height="1"></td>

<td rowspan="2" align="left" valign="top"><img width="185" height="91" style="width:1.925in;height:.95in" src="cid:image005.png@01D66685.4F802510" alt="strongswan

curl plugin

gethostbyname()

" v:shapes="_x0000_s1028"></td>

</tr>

<tr>

<td height="113"></td>

<td></td>

<td rowspan="2" align="left" valign="top"><img width="251" height="93" style="width:2.6166in;height:.9666in" src="cid:image006.png@01D66685.4F802510" alt="unbound daemon

resolv.conf

nameserver  127.0.0.1

" v:shapes="_x0000_s1027 Straight_x0020_Arrow_x0020_Connector_x0020_218"></td>

</tr>

<tr>

<td height="3"></td>

</tr>

</tbody>

</table>

</span><![endif]><o:p> </o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<br style="mso-ignore:vglayout" clear="ALL">

<p class="MsoNormal">Thanks<o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

</div>

</body>

</html>