forward-zone disabled in view or something equivalent?

François Lafont francois.lafont.1978 at gmail.com
Wed Jul 9 16:37:32 UTC 2025


Hi,

I have tried to read the documentation and have come
to the conclusion that what I'm asking for is not possible
(it seems to me that forward-zone in function of view is
not possible). Am I wrong?

If someone more knowledgeable than me in unbound can just
confirm this, that would be enough for me.

Thanks for your help.

On 7/6/25 22:19, François Lafont wrote:

> I would like to known if it's possible to disable a forward-zone
> for a specific view? Or if it's possible to do this in a different
> way?
> 
> Let me show you a quick example with this configuration:
> 
> ----------------------------------------
> server:
>    # [...]
>    access-control-view: 10.111.222.0/24  myview
> 
> view:
>    name: myview
>    view-first: no
>    local-zone: "domain.tld." always_nxdomain
> 
> forward-zone:
>    name: "domain.tld."
>    forward-addr: A.B.C.D
>    forward-addr: W.X.Y.Z
> ----------------------------------------
> 
> There is a forward-zone in global configuration. But this forward-zone
> is "disabled" for the client in myview (clients in 10.111.222.0/24).
> For these clients, the zone is a "NXDOMAIN" zone.
> 
> So, in a way, the forward-zone is disabled for myview, but the forward-zone
> is replaced by a NXDOMAIN. Is it possible to:
> 
> * remove the NXDOMAIN local-zone for myview,
> * and allow DNS resolution in the zone "domain.tld." but without using the
>    forwarders. I would like that DNS resolutions in zone "domain.tld."
>    are made via a "classical" way (ie root DNS etc. but without using the
>    forward-zone).
> 
> Is it possible to do that? If not, maybe with another mechanism than view?

-- 
François Lafont



More information about the Unbound-users mailing list