Can I tell unbound to forward all requests except for some domains?

A. Schulze sca at andreasschulze.de
Sat Mar 5 17:40:45 UTC 2022


On 05.03.22 at 02:36, Gerben Wierda via Unbound-users wrote:
> I am using unbound and it is configured to use cloud9 as a forwarder.
> 
> But spamhaus.org DNSBL will not answer requests for IP addresses from public DNS, such as cloud9.
> 
> So, what I would like to do is configure unbound in such a way that it always goes to cloud9, except when the query is about spamhaus.org. Can I do that?

Hello Gerben,

I'm not aware that unbound supports a mode "forward all but [list of domains]".

My expectation: unbound is a recursive resolver and should know to which nameservers queries for [list of domains] must be sent.
There is no option known to me to configure unbound this way.

But it is possible to forward all to one recursive resolver and send queries for some zones to a list of known other name servers.

	forward-zone:
	  name: "."
	  forward-addr: 9.9.9.9

	stub-zone:
	  name: "nlnetlabs.nl."
	  stub-host: "ns.nlnetlabs.nl."
	  stub-host: "ns-ext1.sidn.nl."
	  stub-host: "anyns.pch.net."

The downside of such configurations:
- stub-host will be resolved via 9.9.9.9
- stub-host must be outside the stub-zone
- stub-addr may be used to circumvent this limitation
- you MUST list a correct set of nameservers (names or addresses)
  To be more robust against changed nameserver sets, you should enable "stub-prime: yes".

Andreas
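
The downsides listed in the reply can be checked mechanically. The following is an added example, not part of the original message and not code from the Unbound project: a small Python lint that reads an unbound.conf fragment and warns when a stub-zone lists no servers, names a stub-host inside its own zone, or does not set "stub-prime: yes". The function names and warning wording are assumptions made for this example; the sample input is the configuration quoted in the message.

```python
# Constructed sample: the configuration quoted in the message above.
SAMPLE = '''
forward-zone:
  name: "."
  forward-addr: 9.9.9.9
stub-zone:
  name: "nlnetlabs.nl."
  stub-host: "ns.nlnetlabs.nl."
  stub-host: "ns-ext1.sidn.nl."
  stub-host: "anyns.pch.net."
'''

def parse_clauses(text):
    """Return [(clause, [(key, value), ...])]; only full-line comments are skipped."""
    clauses = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            value = value.strip().strip('"')
            if not value:                       # e.g. "stub-zone:" opens a clause
                clauses.append((key.strip(), []))
            elif clauses:
                clauses[-1][1].append((key.strip(), value))
    return clauses

def in_zone(host, zone):
    """True if host equals zone or lies below it (label-wise, case-insensitive)."""
    h = host.lower().rstrip(".").split(".")
    z = [label for label in zone.lower().rstrip(".").split(".") if label]
    return len(h) >= len(z) and h[len(h) - len(z):] == z

def lint_stub_zones(text):
    """Return warnings for the stub-zone pitfalls listed in the message."""
    warnings = []
    for attrs in (a for c, a in parse_clauses(text) if c == "stub-zone"):
        name = next((v for k, v in attrs if k == "name"), "?")
        hosts = [v for k, v in attrs if k == "stub-host"]
        if not hosts and not any(k == "stub-addr" for k, _ in attrs):
            warnings.append(f"{name}: no stub-host or stub-addr listed")
        for h in hosts:
            if in_zone(h, name):
                warnings.append(f"{name}: stub-host {h} is inside the zone; use stub-addr")
        if ("stub-prime", "yes") not in attrs:
            warnings.append(f"{name}: stub-prime is not enabled")
    return warnings

if __name__ == "__main__":
    print("\n".join(lint_stub_zones(SAMPLE)))
```

Run against the quoted configuration, the lint reports the in-zone name ns.nlnetlabs.nl. and the missing stub-prime setting; the forward-zone clause is ignored.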

