[Unbound-users] Whitelist some domains, blacklist everything else
wouter at NLnetLabs.nl
Mon May 17 09:05:41 UTC 2010
Not sure if that is a good idea, but unbound can be configured like
that. Here the local-data config is used (so no need to run another
# this redirects everything to 127.0.0.1
local-zone: "." redirect
local-data: ". IN A 127.0.0.1"
# override for whitelisted domains to resolve normally
local-zone: "google.com" transparent
local-zone: "linux.org" transparent
The local-zone statements are checked and the closest match determines
what happens to the query.
Ondrej suggests using forward and stub configs, and that works too,
since it also uses the config from the closest match on the query.
On 05/16/2010 06:01 PM, Carsten Krüger wrote:
> is it possible with unbound to allow only lookups on whitelisted
> domains and answer all others with 127.0.0.1 or NXDOMAIN?
> for example (precedence: white is stronger than black)
> blacklist *
> whitelist google.com and linux.org (and subdomains of them).
> The lookups for the whitelisted domains should go external (recursive) and not to
> a local zone file.
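Added example, not part of the original message and not Unbound's own code: a small Python model of the closest-match rule described above, applied to the local-zone lines from the message. The function names and the sample query names are constructed for illustration. It goes slightly beyond the message by showing that matching is on whole DNS labels, so a look-alike name such as notgoogle.com is not covered by the google.com entry.

```python
# Illustrative model of closest-match local-zone selection (not Unbound source).

# Zones taken from the configuration in the message above.
LOCAL_ZONES = {
    ".": "redirect",
    "google.com.": "transparent",
    "linux.org.": "transparent",
}
REDIRECT_ANSWER = "127.0.0.1"  # from: local-data: ". IN A 127.0.0.1"


def normalize(name):
    """Lower-case a DNS name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def closest_zone(qname, zones=LOCAL_ZONES):
    """Return (zone, type) for the longest configured zone enclosing qname."""
    labels = normalize(qname).rstrip(".").split(".")
    # Try the full name first, then drop one leading label at a time.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate, zones[candidate]
    if "." in zones:
        return ".", zones["."]
    return None, None


def decide(qname):
    """Describe what the resolver does with qname under this model."""
    _, ztype = closest_zone(qname)
    if ztype == "redirect":
        return "answer " + REDIRECT_ANSWER
    # transparent zone without local-data, or no zone at all
    return "resolve normally"


if __name__ == "__main__":
    # Constructed query names, chosen to exercise the label-boundary cases.
    for q in ["www.google.com", "linux.org", "notgoogle.com",
              "google.com.example.net", "example.org"]:
        print(f"{q:28} {closest_zone(q)[0]:14} {decide(q)}")
```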