forward-zone disabled in view or something equivalent?
François Lafont
francois.lafont.1978 at gmail.com
Wed Jul 9 16:37:32 UTC 2025
Hi,
I have tried to read the documentation and have come
to the conclusion that what I'm asking for is not possible
(it seems to me that forward-zone in function of view is
not possible). Am I wrong?
If someone more knowledgeable than me in unbound can just
confirm this, that would be enough for me.
Thanks for your help.
On 7/6/25 22:19, François Lafont wrote:
> I would like to known if it's possible to disable a forward-zone
> for a specific view? Or if it's possible to do this in a different
> way?
>
> Let me show you a quick example with this configuration:
>
> ----------------------------------------
> server:
> # [...]
> access-control-view: 10.111.222.0/24 myview
>
> view:
> name: myview
> view-first: no
> local-zone: "domain.tld." always_nxdomain
>
> forward-zone:
> name: "domain.tld."
> forward-addr: A.B.C.D
> forward-addr: W.X.Y.Z
> ----------------------------------------
>
> There is a forward-zone in global configuration. But this forward-zone
> is "disabled" for the client in myview (clients in 10.111.222.0/24).
> For these clients, the zone is a "NXDOMAIN" zone.
>
> So, in a way, the forward-zone is disabled for myview, but the forward-zone
> is replaced by a NXDOMAIN. Is it possible to:
>
> * remove the NXDOMAIN local-zone for myview,
> * and allow DNS resolution in the zone "domain.tld." but without using the
> forwarders. I would like that DNS resolutions in zone "domain.tld."
> are made via a "classical" way (ie root DNS etc. but without using the
> forward-zone).
>
> Is it possible to do that? If not, maybe with another mechanism than view?
--
François Lafont
More information about the Unbound-users
mailing list