Networking - DNS - Unbound - Recursive Queries
Control which clients are allowed to make (recursive) queries to the server.
Specify classless netblocks with /size and action.
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: ::0/0 refuse
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow
NOTE: By default everything is refused, except for localhost.
Options include:
- deny - Drop message.
- refuse - Polite error reply.
- allow - Recursive ok.
- allow_setrd - Recursive ok, rd bit is forced on.
- allow_snoop - Recursive and non-recursive ok.
- deny_non_local - Drop queries unless they can be answered from local-data.
- refuse_non_local - Like deny_non_local but polite error reply.
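Added example (not part of the original page or of Unbound itself): a Python check that parses access-control: lines and reports which action a client address receives, applying Unbound's rule that the most specific matching netblock wins, and flags rules that open recursion to everyone. The 192.0.2.0/24 and 198.51.100.0/24 lines and all function names are constructed for illustration; only explicit rules are modelled, not Unbound's built-in localhost defaults.

```python
import ipaddress

# Constructed sample: the page's localhost-only rules plus two made-up ranges.
SAMPLE_CONF = """\
server:
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: ::0/0 refuse
    access-control: ::1 allow
    access-control: ::ffff:127.0.0.1 allow
    access-control: 192.0.2.0/24 allow           # constructed LAN range
    access-control: 198.51.100.0/24 allow_snoop  # constructed admin range
"""

RECURSIVE = {"allow", "allow_setrd", "allow_snoop"}

def parse_access_control(text):
    """Return [(network, action)] for every access-control: line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue  # skips access-control-tag:, -view:, etc.
        netblock, action = line.split(":", 1)[1].split()
        rules.append((ipaddress.ip_network(netblock, strict=False), action))
    return rules

def effective_action(rules, client):
    """Most specific matching netblock wins; refuse when nothing matches."""
    addr = ipaddress.ip_address(client)
    hits = [(n, a) for n, a in rules if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=(None, "refuse"))[1]

def audit(rules):
    """Flag rules that give everyone recursion or permit non-recursive queries."""
    findings = []
    for net, action in rules:
        if action in RECURSIVE and net.prefixlen == 0:
            findings.append(f"open resolver: {net} {action}")
        elif action == "allow_snoop":
            findings.append(f"cache snooping permitted: {net}")
    return findings

if __name__ == "__main__":
    rules = parse_access_control(SAMPLE_CONF)
    for ip in ("127.0.0.1", "192.0.2.10", "203.0.113.5", "2001:db8::1"):
        print(ip, "->", effective_action(rules, ip))
    print(audit(rules))
```

Because the most specific netblock is used, the order of the access-control lines in the file does not change the result.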
Tag an access-control element with a list of tags (in double quotes, separated by spaces).
Clients using this access control element use localzones that are tagged with one of these tags.
access-control-tag: 192.0.2.0/24 "tag2 tag3"
Set the action for a particular tag for a given access control element. If you have multiple tag values, the tag used to look up the action is the first tag match between access-control-tag and local-zone-tag, where “first” comes from the order of the define-tag values.
access-control-tag-action: 192.0.2.0/24 tag3 refuse
Set the redirect data for a particular tag for an access control element.
access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"
Set the view for an access control element.
access-control-view: 192.0.2.0/24 viewname