[Unbound-users] PTR's for private address space
Chris Smith
fixie at chrissmith.org
Fri Apr 1 14:30:41 UTC 2011
On Fri, Apr 1, 2011 at 10:16 AM, Chris Smith <fixie at chrissmith.org> wrote:
> If you're just using a /24 then changing this to something like:
> ================================
> forward-zone:
> name: "1.168.192.in-addr.arpa."
> forward-addr: <windows box>
> ================================
> and then:
> ================================
> local-zone: 1.168.192.in-addr.arpa. transparent
> ================================
> will prevent Unbound from forwarding PTR queries outside of your
> subnet (in this example anything not in 192.168.1) to your Windows
> box.
This "in this example anything not in 192.168.1" should more correctly
read "in this example anything not in 192.168.1 but in 192.168".
This is also useful if you use Unbound as a resolver. It will prevent
such PTR queries from being leaked to the Internet and requiring an
answer from the arin servers.
Chris
More information about the Unbound-users
mailing list