networking:dns:unbound:configure_local_zones

Differences

This shows you the differences between two versions of the page.

networking:dns:unbound:configure_local_zones [2020/12/09 09:45] peternetworking:dns:unbound:configure_local_zones [2022/10/08 11:47] (current) – removed peter
Line 1: Line 1:
-====== Networking - DNS - Unbound - Configure Local Zones ====== 
- 
-A number of locally served zones can be configured: 
- 
-<code> 
-local-zone: <zone> <type> 
-local-data: "<resource record string>" 
-</code> 
- 
-<WRAP info> 
-**NOTE:**  The local-zone **type** can be: 
- 
-  * **deny** serves local data (if any), else, drops queries. 
-  * **refuse** serves local data (if any), else, replies with error. 
-  * **static** serves local data, else, nxdomain or nodata answer. 
-  * **transparent** gives local data, but resolves normally for other names. 
-  * **redirect** serves the zone data for any subdomain in the zone. 
-  * **nodefault** can be used to normally resolve AS112 zones. 
-  * **typetransparent** resolves normally for other types and other names. 
-  * **inform** acts like transparent, but logs client IP address. 
-  * **inform_deny** drops queries and logs client IP address. 
-  * **inform_redirect** redirects queries and logs client IP address 
-  * **always_transparent** resolve in that way but ignore local data for that name. 
-  * **always_refuse** resolve in that way but ignore local data for that name. 
-  * **always_nxdomain** resolve in that way but ignore local data for that name. 
-  * **noview** breaks out of that view towards global local-zones. 
- 
-</WRAP> 
- 
----- 
- 
- 
-Suppose you have a printer in your LAN. 
- 
-You can connect to that printer by using its known IP address, like, for example, 192.168.1.100. 
- 
-However, wouldn't you rather give a human readable name to that printer? 
- 
-<WRAP info> 
-**NOTE:**  Unbound is not an authoritative server, so it cannot manage a full zone with all its bells and whistles directly. 
- 
-However, it is able to manage a small home LAN. 
-</WRAP> 
- 
-<file bash /etc/unbound/unbound.conf.d/local_names.conf> 
-private-address: 192.168.1.0/24 
-local-zone: "sharewiz.net." static 
-        local-data: "gateway.sharewiz.net. IN A 192.168.1.1" 
-        local-data: "server1.ssharewiz.net. IN A 192.168.1.69" 
-        local-data: "printer.sharewiz.net. IN A 192.168.1.100" 
-        local-data-ptr: "192.168.1.1 gateway.sharewiz.net" 
-        local-data-ptr: "192.168.1.2 server1.sharewiz.net" 
-        local-data-ptr: "192.168.1.69 computer.sharewiz.net" 
-        local-data-ptr: "192.168.1.100 printer.sharewiz.net" 
-</file> 
- 
-<WRAP info> 
-**NOTE:**  This assumes that the LAN is using 192.168.1.0/24 as the network. 
- 
-The **private-address** directive prevents addresses in your LAN from being returned for public Internet names. This step prevents DNS rebinding attacks. 
- 
-The **local-zone** directive defines all domains under sharewiz.net as local.  The **static** word means that the static entries defined in the configuration file are used as DNS entries.  Each of the local-data entries assigns a name to an address.  For example, 192.168.1.100 would be assigned the name printer.sharewiz.net.  If you queried the Unbound server for a name in the sharewiz.net zone that did not exist, it would be answered with a NXDOMAIN message.  Alternatively, **transparent** could be used instead of static.  A transparent local zone is one in which the server tries to resolve the name of a host by other means if it has no static entry for it in its configuration. 
- 
-The **local-data-ptr** entries are optional and define reverse DNS information.  Reverse DNS is, as the expression implies, the opposite of DNS.  A reverse DNS query asks "What is the name of the host with the address 192.168.1.100?" 
- 
-</WRAP> 
  
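Review bot: in the removed local_names.conf example the forward and reverse records do not agree, so if this text is being relocated rather than retired the data should be corrected before it is reused. The line `local-data: "server1.ssharewiz.net. IN A 192.168.1.69"` has a doubled "s" and so falls outside the "sharewiz.net." zone, while the local-data-ptr lines map 192.168.1.2 to server1.sharewiz.net and 192.168.1.69 to computer.sharewiz.net, a name that has no A record. The file also shows no `server:` line above private-address and local-zone; both are server-clause options, so a drop-in under unbound.conf.d needs that header, and running unbound-checkconf on the file would confirm it. The edit summary is only "removed", and this deletion takes with it the note that private-address is there to prevent DNS rebinding, so it is worth confirming that rationale is recorded wherever the configuration is now documented.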
networking/dns/unbound/configure_local_zones.1607507143.txt.gz · Last modified: 2020/12/09 09:45 by peter
