Differences

This shows you the differences between two versions of the page.

--- networking:dns:unbound:recursive_queries [2020/12/08 09:12] – peter
+++ networking:dns:unbound:recursive_queries [2020/12/08 09:29] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Networking - DNS - Unbound - Recursive Queries ======
-Control which clients are allowed to make (recursive) queries to the server.
-Specify classless netblocks with /size and action.
-<code>
-access-control: 0.0.0.0/0 refuse
-access-control: 127.0.0.0/8 allow
-access-control: ::0/0 refuse
-access-control: ::1 allow
-access-control: ::ffff:127.0.0.1 allow
-</code>
-<WRAP info>
-**NOTE:** By default everything is refused, except for localhost.
-Options include:
-  * **deny** - Drop message.
-  * **refuse** - Polite error reply.
-  * **allow** - Recursive ok.
-  * **allow_setrd** - Rrecursive ok, rd bit is forced on.
-  * **allow_snoop - Recursive and non-recursive ok.
-  * **deny_non_local** - Drop queries unless can be answered from local-data.
-  * **refuse_non_local** - Like **<nowiki>deny_non_local</nowiki>** but polite error reply.
-</WRAP>
-----
-Tag **access-control** with list of tags (in "" with spaces between).
-Clients using this access control element use localzones that are tagged with one of these tags.
-<code>
-access-control-tag: 192.0.2.0/24 "tag2 tag3"
-</code>
-Set action for particular tag for given access control element if you have multiple tag values, the tag used to lookup the action the first tag match between **access-control-tag** and **local-zone-tag** where "first" comes from the order of the define-tag values.
-<code>
-access-control-tag-action: 192.0.2.0/24 tag3 refuse
-</code>
-Set redirect data for particular tag for access control element
-<code>
-access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"
-</code>
-Set view for access control element
-<code>
-access-control-view: 192.0.2.0/24 viewname
-</code>