networking:dns:unbound:selectively_override_dns_records

Differences

This shows you the differences between two versions of the page.

networking:dns:unbound:selectively_override_dns_records [2022/10/08 11:56] – created peter
networking:dns:unbound:selectively_override_dns_records [2022/10/08 13:27] (current) – [typetransparent zones] peter
Line 27: Line 27:
 <WRAP info> <WRAP info>
 **NOTE:**  This also effectively deleted all other DNS records for it. If it has an MX record or a TXT record or what have you, those records will not be visible. **NOTE:**  This also effectively deleted all other DNS records for it. If it has an MX record or a TXT record or what have you, those records will not be visible.
 +
 +  * For any names in **transparent** local-data zones, you are in complete control of all records returned; 
 +    * either they are in your local-data stanzas, or they do not exist.
 +
 +  * If you just give **local-data** for something without a local-zone directive, Unbound silently makes it into such a **transparent** local zone.
 +</WRAP>
 +
 +
 +
 +<WRAP important>
 +**WARNING:**  Transparent local zones have one gotcha:
 +
 +<code yaml>
 +local-zone: example.net transparent
 +local-data: "example.net A 7.7.7.7"
 +</code>    
 +
 +  * Because this is a transparent zone and we have not listed any NS records for example.net as part of our local data, people will not be able to look up any names inside the zone even though we don't explicitly block or override them.
 +  * Of course if we did list some additional names inside example.net as local-data, people would be able to look up them (and only them).
 +
 +  * Also, since transparent local zones are the default, this happens if you leave out the local-zone or get the name wrong by mistake or accident.
 +</WRAP>
 +
 +----
 +
 +===== typetransparent zones =====
 +
 +There is no way to use a **typetransparent** zone but delete certain record types for some names, which you would use so you can do things like remove all MX entries for some host names.
 +
 +Zones, however, do not have to map to actual DNS zones, so you can do this:
 +
 +<code yaml>
 +# Instead of this:
 +
 +local-zone: example.org typetransparent
 +local-data: "server.example.org A 8.8.8.8"
 +
 +# but:
 +
 +local-zone: www.example.org transparent
 +local-data: "www.example.org A 8.8.8.8"
 +</code>
 +
 +<WRAP info>
 +**NOTE:**  By claiming www.example.org as a separate transparent local zone, this allows us to delete all records for it but the A record that we supply; 
 +
 +  * This would remove, say, MX entries.
 +  * A transparent local zone with no data naturally does not blank out anything, so if you want to totally delete a name's records you need to supply some dummy record (e.g. a TXT record).
 +
 +
 </WRAP> </WRAP>
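Review bot: The WARNING bullet under the example.net snippet says that, with no NS records in local-data, nobody can look up any names inside a transparent zone, yet the later NOTE says "A transparent local zone with no data naturally does not blank out anything"; as written the two statements read as contradictory. Please state exactly which queries fail (names that have some local-data but not the requested type, or every name below the zone apex) and check the wording against the description of the transparent type in unbound.conf(5). Separately, the "Instead of this / but" snippet switches from server.example.org to www.example.org, so the two halves are not a like-for-like comparison; use the same host name in both, and consider dropping the yaml tag on the code blocks, since this is Unbound configuration rather than YAML.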
  
networking/dns/unbound/selectively_override_dns_records.1665230189.txt.gz · Last modified: 2022/10/08 11:56 by peter
