Networking - DNS - Unbound - Recursive Queries
Control which clients are allowed to make (recursive) queries to the server.
Specify classless netblocks with /size and action.
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: ::0/0 refuse
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow
NOTE: By default everything is refused, except for localhost.
Options include:
- deny - Drop message.
- refuse - Polite error reply.
- allow - Recursive ok.
- allow_setrd - Recursive ok, rd bit is forced on.
- allow_snoop - Recursive and non-recursive ok.
- deny_non_local - Drop queries unless they can be answered from local-data.
- refuse_non_local - Like deny_non_local but polite error reply.
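The following Python check is an added example, not from the original page or the Unbound project. It parses access-control: lines and resolves which action a client receives, assuming Unbound's rule that the most specific matching netblock wins and that a client matching no rule is refused. The function names, WEAK_CONF and the probe addresses are constructed for illustration.

```python
import ipaddress

# Actions from the option list above that let a client recurse.
RECURSIVE = {"allow", "allow_setrd", "allow_snoop"}

# The page's rules, placed in a server: clause (constructed wrapper).
PAGE_CONF = """
server:
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: ::0/0 refuse
    access-control: ::1 allow
    access-control: ::ffff:127.0.0.1 allow
"""
# Constructed weak variant: the IPv4 catch-all is switched to allow.
WEAK_CONF = PAGE_CONF.replace("0.0.0.0/0 refuse", "0.0.0.0/0 allow")
# Constructed probes: documentation-range addresses standing in for outside clients.
OUTSIDE = ["203.0.113.7", "2001:db8::53"]

def parse_access_control(text):
    """Return [(network, action)] for every access-control: line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop unbound.conf comments
        if not line.startswith("access-control:"):
            continue                               # skips access-control-tag: etc.
        netblock, action = line.split(":", 1)[1].split()
        rules.append((ipaddress.ip_network(netblock, strict=False), action))
    return rules

def effective_action(rules, client):
    """Action of the most specific netblock that contains the client."""
    addr = ipaddress.ip_address(client)
    matches = [(net.prefixlen, action) for net, action in rules if addr in net]
    if not matches:
        return "refuse"   # assumption: no explicit rule matched, so refuse
    return max(matches, key=lambda m: m[0])[1]

def exposed_probes(rules, probes):
    """Probe addresses that would be allowed to recurse (open-resolver check)."""
    return [p for p in probes if effective_action(rules, p) in RECURSIVE]

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        rules = parse_access_control(conf)
        print(name, effective_action(rules, "127.0.0.1"), exposed_probes(rules, OUTSIDE))
```

Because the longest prefix decides, the order of the access-control lines in the file does not change the result.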
Tag access-control
Tag access-control with a list of tags (in "" with spaces between).
Clients using this access control element use localzones that are tagged with one of these tags.
access-control-tag: 192.0.2.0/24 "tag2 tag3"
Set action for a particular tag
Set action for a particular tag for a given access control element if you have multiple tag values.
The tag used to look up the action is the first tag match between access-control-tag and local-zone-tag, where "first" comes from the order of the define-tag values.
access-control-tag-action: 192.0.2.0/24 tag3 refuse
Set redirect data for particular tag for access control element
access-control-tag-data: 192.0.2.0/24 tag2 "A 127.0.0.1"
Set view for access control element
access-control-view: 192.0.2.0/24 viewname
networking/dns/unbound/recursive_queries.1607419012.txt.gz · Last modified: 2020/12/08 09:16 by peter