Wiki

User Tools

Site Tools

Trace:
networking:dns:unbound:views

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
networking:dns:unbound:views [2020/12/04 11:32] – [Different Views] peternetworking:dns:unbound:views [2022/10/08 11:19] (current) peter
Line 3: Line 3:
 Unbound’s views can be used to serve local data depending on the source address a query is received on. Unbound’s views can be used to serve local data depending on the source address a query is received on.
  
-  * View Name must be unique.  
   * Map views to requests using the **access-control-view** option.   * Map views to requests using the **access-control-view** option.
   * Views can contain zero or more **local-zone** and **local-data** options.   * Views can contain zero or more **local-zone** and **local-data** options.
   * Options from matching views will override global options.   * Options from matching views will override global options.
-  * Global options will be used if no matching view is found. + 
-    With **view-first yes**, it will try to answer using the global local-zone and local-data elements if there is no view specific match.+<WRAP info> 
 +**views** were introduced in Unbound 1.6.0. 
 +</WRAP>
  
 ---- ----
Line 24: Line 25:
     name: "anotherview"     name: "anotherview"
     local-zone: "example.com" refuse     local-zone: "example.com" refuse
 +view:
 +    name: "evenanotherview"
 +    local-zone: example.com inform
 +    local-data: 'example.com TXT "this is an example"'
 +    local-zone: refused.example.co.uk refuse    
 </code> </code>
  
Line 29: Line 35:
 **NOTE:** **NOTE:**
  
-  * **local-zone** configures a local zone. +  * **name** must be unique.
-    * The type determines the answer to give if there is no  match  from  local-data. +
-      * These can be deny, refuse, static, transparent, typetransparent, redirect, inform, inform_deny, inform_redirect, always_transparent, always_refuse, always_nxdomain, noview, nodefault.  See https://nlnetlabs.nl/documentation/unbound/unbound.conf/.+
  
 +  * **local-zone** configures a local zone.
 +    * The type determines the answer to give if there is no match from local-data.
       * **deny** serves local data (if any), else, drops queries.       * **deny** serves local data (if any), else, drops queries.
       * **refuse** serves local data (if any), else, replies with error.       * **refuse** serves local data (if any), else, replies with error.
       * **static** serves local data, else, nxdomain or nodata answer.       * **static** serves local data, else, nxdomain or nodata answer.
-      * **transparent** gives local data, but resolves normally for other names+      * **transparent** gives local data, but resolves normally for other names.
       * **redirect** serves the zone data for any subdomain in the zone.       * **redirect** serves the zone data for any subdomain in the zone.
       * **nodefault** can be used to normally resolve AS112 zones.       * **nodefault** can be used to normally resolve AS112 zones.
-      * **typetransparent** resolves normally for other types and other names +      * **typetransparent** resolves normally for other types and other names. 
-      * **inform** acts like transparent, but logs client IP address +      * **inform** acts like transparent, but logs client IP address. 
-      * **inform_deny** drops queries and logs client IP address +      * **inform_deny** drops queries and logs client IP address. 
-      * **inform_redirect** redirects queries and logs client IP address+      * **inform_redirect** redirects queries and logs client IP address.
       * **always_transparent, always_refuse, always_nxdomain**, resolve in that way but ignore local data for that name.       * **always_transparent, always_refuse, always_nxdomain**, resolve in that way but ignore local data for that name.
       * **noview** breaks out of that view towards global local-zones.       * **noview** breaks out of that view towards global local-zones.
 +    * See https://nlnetlabs.nl/documentation/unbound/unbound.conf/.
  
   * **local-data** configures local data.   * **local-data** configures local data.
Line 50: Line 57:
  
   * **local-data-ptr** configures local data shorthand for a PTR record with the reversed IPv4 or IPv6 address and the host name.   * **local-data-ptr** configures local data shorthand for a PTR record with the reversed IPv4 or IPv6 address and the host name.
 +
 +  * **view-first** specifies whether to use Global options if no matching view is found.
 +    * With **view-first yes**, it will try to answer using the global local-zone and local-data elements if there is no view specific match.
 +
 </WRAP> </WRAP>
  
Line 58: Line 69:
 ===== Override DNS queries for specific clients ===== ===== Override DNS queries for specific clients =====
  
-<code>+<code bash>
 server: server:
      ...      ...
Line 83: Line 94:
 Queries to this instance should return the following for my.aa/A: Queries to this instance should return the following for my.aa/A:
  
-<code>+<code bash>
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6565 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6565
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
Line 97: Line 108:
 The view named intview defines an alternative response, which is used when a query comes in to 127/8, as defined in the **access-control-view** statement: The view named intview defines an alternative response, which is used when a query comes in to 127/8, as defined in the **access-control-view** statement:
  
-<code>+<code bash>
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14806 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14806
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
Line 113: Line 124:
  
 <WRAP info> <WRAP info>
-**NOTE:**  It doesn’t appear to be possible to use views other than for local data.+**NOTE:**  It does not appear to be possible to use views other than for local data.
 </WRAP> </WRAP>
  
Line 129: Line 140:
 https://medium.com/nlnetlabs/response-policy-zones-in-unbound-5d453de75f26 https://medium.com/nlnetlabs/response-policy-zones-in-unbound-5d453de75f26
  
 +https://blog.nlnetlabs.nl/client-based-filtering-in-unbound/
networking/dns/unbound/views.1607081522.txt.gz · Last modified: 2020/12/04 11:32 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki