[Unbound-users] PTR's for private address space

Chris Smith fixie at chrissmith.org
Fri Apr 1 14:30:41 UTC 2011

On Fri, Apr 1, 2011 at 10:16 AM, Chris Smith <fixie at chrissmith.org> wrote:
> If you're just using a /24 then changing this to something like:
> ================================
> forward-zone:
>  name: "1.168.192.in-addr.arpa."
>  forward-addr: <windows box>
> ================================
> and then:
> ================================
>  local-zone: 1.168.192.in-addr.arpa. transparent
> ================================
> will prevent Unbound from forwarding PTR queries outside of your
> subnet (in this example anything not in 192.168.1) to your Windows
> box.

This "in this example anything not in 192.168.1" should more correctly
read "in this example anything not in 192.168.1 but in 192.168".

This is also useful if you use Unbound as a resolver. It will prevent
such PTR queries from being leaked to the Internet and requiring an
answer from the arin servers.


More information about the Unbound-users mailing list