[Unbound-users] unbound + nsd: acl to only allow non-recursive requests?
Jiri Bohac
jiri at boha.cz
Tue Feb 11 10:53:31 UTC 2014
Hi Wouter,

On Tue, Feb 11, 2014 at 09:37:27AM +0100, W.C.A. Wijngaards wrote:
> > On 2014-02-10, at 16:17, Jiri Bohac <jiri at boha.cz> wrote:
>
> The options are called deny_non_local and refuse_non_local. They
> differ in what you want them to do with the disallowed
> non-authoritative queries (drop or refuse, refuse is nicer and is more
> like a regular authority server).

I looked at the patch, but that only adds acl options for local
zones. My authoritative zones are served by a locally running
NSD (on a nonstandard port) that unbound uses through a stub
zone.

Do you think adding another two options, e.g.

    deny_non_stub
    refuse_non_stub

would make sense?

Or perhaps changing

    deny_non_stub to deny_non_recursive

and

    refuse_non_stub to refuse_non_recursive

... and differentiating based on the DR bit of the request,
instead of the zone?

I can make, test and post the patches.

Thanks,
--
Jiri Bohac
e-mail/jabber: jiri at boha.cz
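
Added example, not part of the original message and not Unbound code: a sketch of an ACL decision keyed on the recursion-desired (RD) flag of the DNS header rather than on the zone. The action names are the ones proposed in the message; their semantics here (drop or refuse queries that have RD set, answer the rest), the first-match ACL table, the helper names and the sample queries are assumptions constructed for illustration.

```python
import ipaddress
import struct

RD_MASK = 0x0100      # "recursion desired" flag in the header flags word (RFC 1035)
QR_MASK = 0x8000      # set on responses
RCODE_REFUSED = 5

# Hypothetical policy, most specific network first (first match wins).
ACL = [
    (ipaddress.ip_network("192.0.2.0/24"), "allow"),
    (ipaddress.ip_network("0.0.0.0/0"), "refuse_non_recursive"),
]

def build_query(qid: int, rd: bool) -> bytes:
    """Constructed sample: an A/IN query for example.com."""
    header = struct.pack("!HHHHHH", qid, RD_MASK if rd else 0, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)

def rd_bit(query: bytes) -> bool:
    """Return True when the query asks for recursion."""
    if len(query) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags = struct.unpack("!HH", query[:4])
    return bool(flags & RD_MASK)

def decide(client: str, query: bytes) -> str:
    """Return 'answer', 'drop' or 'refuse' for a query from this client."""
    addr = ipaddress.ip_address(client)
    for net, action in ACL:
        if addr in net:
            break
    else:
        return "drop"                 # no ACL entry matched
    if action == "allow" or not rd_bit(query):
        return "answer"               # trusted client, or non-recursive query
    return "drop" if action == "deny_non_recursive" else "refuse"

def refused_reply(query: bytes) -> bytes:
    """Header-only REFUSED response echoing the query's ID, opcode and RD."""
    qid, flags = struct.unpack("!HH", query[:4])
    rflags = QR_MASK | (flags & 0x7900) | RCODE_REFUSED
    return struct.pack("!HHHHHH", qid, rflags, 0, 0, 0, 0)

if __name__ == "__main__":
    for ip, rd in [("192.0.2.10", True), ("198.51.100.7", True), ("198.51.100.7", False)]:
        print(ip, "RD" if rd else "no-RD", "->", decide(ip, build_query(1, rd)))
```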