per interface acls possible?

Christoph cm at appliedprivacy.net
Thu Jun 27 10:07:00 UTC 2019


ronvarburg at yahoo.com wrote:
> Let's say you have two interfaces, 1 and 2. Suppose DNS over TLS is
> at interface 1. Is interface 1 your upstream? Is it 2?
> Neither? In what way would you like interface 1, or interface 2, to
> be more privileged than the other interface, or to let more
> access-control than the other?

When I say "interface" I'm referring to
unbound's "interface:" config directive (not a network interface eth0,
eth1, ...).

The use case is:

DoT (853) should have an ACL of
	access-control: 0.0.0.0/0 allow
	access-control: ::0/0 allow

DNS (53) should have a restrictive ACL (only whitelisted netblocks).

Is that possible or does that require multiple unbound instances?

thanks,
Christoph



More information about the Unbound-users mailing list