per interface acls possible?
Christoph
cm at appliedprivacy.net
Thu Jun 27 10:07:00 UTC 2019
ronvarburg at yahoo.com wrote:
> Let's say you have two interfaces. 1 and 2. Suppose DNS over TLS is
> at interface 1. Is interface 1 your upstream? Is it 2?
> Neither? In what way would you like interface 1, or interface 2, to
> be more privileged than the other interface, or to allow more
> access-control than the other?
When I say "interface" I'm referring to
unbound's "interface:" config directive (not a network interface eth0,
eth1, ...).
The use case is:
DoT (853) should have an ACL of
    access-control: 0.0.0.0/0 allow
    access-control: ::0/0 allow
DNS (53) should have a restrictive ACL (only whitelisted netblocks).
Is that possible or does that require multiple unbound instances?
thanks,
Christoph