
Networking - DNS - Unbound - Recursive Queries

Control which clients are allowed to make (recursive) queries to the server.

Specify classless netblocks with /size and action.

access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: ::0/0 refuse
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow

NOTE: By default everything is refused, except for localhost.
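How the netblock list above is evaluated, as an added example (not part of the original wiki page or of Unbound itself): per the unbound.conf manual, the most specific matching netblock is used and a client that matches nothing is refused, so the order of the statements does not matter. The function names are hypothetical, and matching IPv4 and IPv6 netblocks separately is a simplifying assumption.

```python
import ipaddress

# Actions from the option list on this page that permit recursive queries.
RECURSIVE_ACTIONS = {"allow", "allow_setrd", "allow_snoop"}
LOOPBACK = [ipaddress.ip_network(n)
            for n in ("127.0.0.0/8", "::1/128", "::ffff:127.0.0.0/104")]

# The access-control lines shown on this page.
PAGE_CONF = """
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: ::0/0 refuse
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow
"""

def parse_access_control(conf_text):
    """Return [(network, action)] for each access-control: line."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line.startswith("access-control:"):
            continue                              # skips access-control-tag etc.
        fields = line.split(":", 1)[1].split()
        if len(fields) != 2:
            raise ValueError(f"malformed access-control line: {raw!r}")
        rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules

def action_for(rules, client, default="refuse"):
    """Most specific matching netblock wins; no match means refuse."""
    addr = ipaddress.ip_address(client)
    matches = [(net.prefixlen, action) for net, action in rules
               if net.version == addr.version and addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else default

def recursion_beyond_localhost(rules):
    """Netblocks that grant recursion and are not inside a loopback range."""
    return [str(net) for net, action in rules
            if action in RECURSIVE_ACTIONS
            and not any(net.version == lo.version and net.subnet_of(lo)
                        for lo in LOOPBACK)]

if __name__ == "__main__":
    rules = parse_access_control(PAGE_CONF)
    for client in ("127.0.0.1", "192.0.2.10", "::1", "2001:db8::1"):
        print(client, "->", action_for(rules, client))
    print("recursion beyond localhost:", recursion_beyond_localhost(rules))
```

Running `recursion_beyond_localhost` over a production config gives a quick list of netblocks to review for unintended open-resolver exposure.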

Options include:

  • deny - Drop message.
  • refuse - Polite error reply.
  • allow - Recursive ok.
  • allow_setrd - Recursive ok, rd bit is forced on.
  • allow_snoop - Recursive and non-recursive ok.
  • deny_non_local - Drop queries unless can be answered from local-data.
  • refuse_non_local - Like deny_non_local but polite error reply.

Tag access-control with list of tags (in "" with spaces between). Clients using this access control element use localzones that are tagged with one of these tags.

access-control-tag: 192.0.2.0/24 "tag2 tag3"

Set action for particular tag for given access control element. If you have multiple tag values, the tag used to look up the action is the first tag match between access-control-tag and local-zone-tag, where "first" comes from the order of the define-tag values.

access-control-tag-action: 192.0.2.0/24 tag3 refuse

Set redirect data for particular tag for access control element

access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"

Set view for access control element

access-control-view: 192.0.2.0/24 viewname
networking/dns/unbound/recursive_queries.1607418609.txt.gz · Last modified: 2020/12/08 09:10 by peter
