[Unbound-users] Whitelist some domains, blacklist everything else

Ondřej Surý ondrej at sury.org
Sun May 16 17:12:35 UTC 2010

2010/5/16 Alexander E. Patrakov <patrakov at gmail.com>

> 16.05.2010 22:01, Carsten Krüger wrote:
>> Hello,
>> is it possible with unbound to allow only lookups on whitelisted
>> domains and answer all others with or NXDOMAIN?
> No.

Well, I wouldn't be so strict; something like this could probably be done
using forwarding:

forward-zone:
  name: whitelist1.dom

forward-zone:
  name: whitelist2.dom

forward-zone:
  name: .
  forward-addr: <ip_of_dummy_nameserver_returning always nxdomain, f.e. running on>

But you are doing it wrong. DNS is a bad place for this kind of filtering.
Implementing a transparent HTTP proxy with a block list, or even simple firewall
rules, is better. Protection at the DNS level is very fragile and could probably
be easily circumvented if not implemented together with strict firewall

Ondřej Surý <ondrej at sury.org>
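
The "dummy nameserver returning always nxdomain" that the reply refers to, sketched as an added example (not part of the original message and not Unbound code). The function names, the constructed sample query and the 127.0.0.1:5353 listen address are assumptions made for illustration.

```python
import socket
import struct

RCODE_NXDOMAIN = 3

# Constructed sample: query ID 0x1234, RD set, one question "blocked.example IN A".
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                + b"\x07blocked\x07example\x00" + struct.pack("!HH", 1, 1))

def question_end(msg: bytes) -> int:
    """Return the offset just past the first question (QNAME, QTYPE, QCLASS)."""
    pos = 12  # fixed DNS header length
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers do not belong in a question
            raise ValueError("unexpected label type in question")
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    return pos + 4

def build_nxdomain(query: bytes) -> bytes:
    """Build an NXDOMAIN reply echoing the query's ID and question section."""
    if len(query) < 12:
        raise ValueError("short DNS message")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    # QR=1, RA=1, opcode and RD copied from the query, RCODE=3.
    rflags = 0x8000 | 0x0080 | (flags & 0x7900) | RCODE_NXDOMAIN
    # All record sections are empty; anything after the question
    # (for example an EDNS OPT record) is not echoed.
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + query[12:end]

def serve(addr=("127.0.0.1", 5353)):  # assumed listen address
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(addr)
    while True:
        data, peer = sock.recvfrom(4096)
        try:
            sock.sendto(build_nxdomain(data), peer)
        except ValueError:
            continue  # silently drop malformed packets

if __name__ == "__main__":
    serve()
```

This only controls what names resolve; a client that uses another resolver or connects by IP address never asks it, which is why the reply pairs the idea with firewall rules.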