Can I tell unbound to forward all requests except for some domains?

Steven Wills steven at swills.me
Sat Mar 5 06:17:11 UTC 2022


I reread your emails and you mention "local" IP addresses. Maybe a stub-zone is what you're after? But I don't think that is the case since a stub zone is meant to point to an authoritative server. Maybe someone with a better idea of what you're asking can weigh in.

I use a stub-zone to point to my NSD server.

stub-zone:
  name: "swills.org"
  stub-addr: 10.0.10.25

https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html?highlight=stub%20zone#stub-zone-options

Thanks again,
Steven

------- Original Message -------
On Friday, March 4th, 2022 at 20:14, Gerben Wierda <gerben.wierda at rna.nl> wrote:

> Yes, that is what I thought a while back, so I decided at the time to test with this:
>
> forward-zone:
>   name: "apple.com."
>   forward-addr: 8.8.8.8@53 # testing if I can forward based on fqdn
>
> forward-zone:
>   name: "."
>   # If the forwarding fails, do your own recursion
>   forward-first: yes
>   # Quad9 phishing/malware site blocking DNS 9.9.9.9
>   forward-addr: 9.9.9.9
>
> to see if that worked, but all the requests kept being forwarded to 9.9.9.9 at the time. I gave up at the time (for another reason) but now I need it again.
>
> Gerben Wierda ([LinkedIn](https://www.linkedin.com/in/gerbenwierda))
> [R&A IT Strategy](https://ea.rna.nl/) (main site)
> Book: [Chess and the Art of Enterprise Architecture](https://ea.rna.nl/the-book/)
> Book: [Mastering ArchiMate](https://ea.rna.nl/the-book-edition-iii/)
>
>> On 5 Mar 2022, at 03:03, Steven Wills <steven at swills.me> wrote:
>>
>> Hello,
>>
>> I think what you want is a Forward Zone.
>>
>> https://docs.netgate.com/tnsr/en/latest/dns/fwd-zone.html
>>
>> Thank you,
>> Steven
>>
>> -------- Original Message --------
>> On Mar 4, 2022, 19:36, Gerben Wierda via Unbound-users < unbound-users at lists.nlnetlabs.nl> wrote:
>>
>>> I am using unbound and it is configured to use cloud9 as a forwarder.
>>>
>>> But [spamhaus.org](http://spamhaus.org/) DNSBL will not answer requests for IP addresses from public DNS, such as cloud9.
>>>
>>> So, what I would like to do is configure unbound in such a way that it always goes to cloud9, except when the query is about [spamhaus.org](http://spamhaus.org/). Can I do that?
>>>
>>> If that is not possible, I would like to configure unbound so that it forwards everything to cloud9, unless it comes from a specific set of local IP addresses. Is that possible?
>>>
>>> Thanks,
>>>
>>> Gerben Wierda ([LinkedIn](https://www.linkedin.com/in/gerbenwierda))
>>> [R&A IT Strategy](https://ea.rna.nl/) (main site)
>>> Book: [Chess and the Art of Enterprise Architecture](https://ea.rna.nl/the-book/)
>>> Book: [Mastering ArchiMate](https://ea.rna.nl/the-book-edition-iii/)
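
Added example, not part of the original messages and not Unbound's own code: an offline Python check that parses the forward-zone clauses quoted in the thread and reports which clause is the closest enclosing zone for a query name, so the intended routing of a configuration can be confirmed before testing against a live resolver. It assumes zone selection by longest label-suffix match; the function names and the sample names are constructed for illustration.

```python
# Constructed sample: the forward-zone test quoted in the thread, with the
# list archive's " at " written as Unbound's addr@port separator.
SAMPLE_CONF = """
forward-zone:
    name: "apple.com."
    forward-addr: 8.8.8.8@53   # per-domain forwarder under test
forward-zone:
    name: "."
    forward-first: yes
    forward-addr: 9.9.9.9
"""

def labels(name):
    """DNS labels, lower-cased and root-first: 'www.Apple.com.' -> ('com', 'apple', 'www')."""
    return tuple(reversed([part for part in name.lower().split(".") if part]))

def parse_forward_zones(text):
    """Return {zone labels: [forward-addr, ...]} for every forward-zone clause."""
    clauses, active = [], None
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not key:
            continue
        if not value:  # clause header such as "server:" or "forward-zone:"
            active = {"name": None, "addrs": []} if key == "forward-zone" else None
            if active is not None:
                clauses.append(active)
        elif active is not None and key == "name":
            active["name"] = labels(value)
        elif active is not None and key == "forward-addr":
            active["addrs"].append(value)
    return {c["name"]: c["addrs"] for c in clauses if c["name"] is not None}

def upstream_for(qname, zones):
    """Closest enclosing forward-zone for qname (assumed longest label-suffix match)."""
    q = labels(qname)
    for n in range(len(q), -1, -1):
        if q[:n] in zones:
            return ".".join(reversed(q[:n])) + ".", zones[q[:n]]
    return None, []  # no forward-zone covers the name

def via_catch_all(names, zones):
    """Names that only the "." clause covers, i.e. sent to the catch-all forwarder."""
    return [n for n in names if upstream_for(n, zones)[0] == "."]

if __name__ == "__main__":
    zones = parse_forward_zones(SAMPLE_CONF)
    for name in ("www.apple.com", "notapple.com", "spamhaus.org"):
        print(name, "->", upstream_for(name, zones))
```

Matching is done on whole labels, so `notapple.com` falls under the "." clause rather than `apple.com.`, and `via_catch_all` lists the names (such as a DNSBL zone) that would still be sent to the public forwarder.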