forward-zone disabled in view or something equivalent?

François Lafont francois.lafont.1978 at gmail.com
Sun Jul 6 20:19:43 UTC 2025


Hi,

I would like to known if it's possible to disable a forward-zone
for a specific view? Or if it's possible to do this in a different
way?

Let me show you a quick example with this configuration:

----------------------------------------
server:
   # [...]
   access-control-view: 10.111.222.0/24  myview

view:
   name: myview
   view-first: no
   local-zone: "domain.tld." always_nxdomain

forward-zone:
   name: "domain.tld."
   forward-addr: A.B.C.D
   forward-addr: W.X.Y.Z
----------------------------------------

There is a forward-zone in global configuration. But this forward-zone
is "disabled" for the client in myview (clients in 10.111.222.0/24).
For these clients, the zone is a "NXDOMAIN" zone.

So, in a way, the forward-zone is disabled for myview, but the forward-zone
is replaced by a NXDOMAIN. Is it possible to:

* remove the NXDOMAIN local-zone for myview,
* and allow DNS resolution in the zone "domain.tld." but without using the
   forwarders. I would like that DNS resolutions in zone "domain.tld."
   are made via a "classical" way (ie root DNS etc. but without using the
   forward-zone).

Is it possible to do that? If not, maybe with another mechanism than view?

Thanks for your help.

-- 
François Lafont



More information about the Unbound-users mailing list