Bug 4204 - Inform zone type and redirection
Status: NEW
Product: unbound
Classification: Unclassified
Component: server
Version: unspecified
Hardware: x86_64 Linux
Importance: P5 enhancement
Assigned To: unbound team
Depends on:
Blocks:
Reported: 2018-11-09 11:39 CET by echard
Modified: 2018-11-09 11:39 CET (History)

Description echard 2018-11-09 11:39:58 CET
Hello,

I need help on a specific configuration of Unbound DNS server.


I want Unbound to work as follows:
- By default, all domains are forwarded.
- An imported domain list (thousands of records) will return the server IP (working like a blacklist).
- If the domain is blacklisted, the domain will be written into the log file.
- The Unbound server manages multiple LANs: each blacklisted domain should be redirected to the server IP of the incoming LAN.

------------------------------

Here is my current configuration:

server:
    verbosity: 1
    logfile: "/var/log/unbound/unbound-blacklist.log"
    chroot: ""
    define-tag: "blacklist"

    # LAN 1: blacklisted names are redirected to this LAN's server address
    interface: 192.168.1.1
    access-control: 192.168.1.0/24 allow
    access-control-tag: 192.168.1.0/24 "blacklist"
    access-control-tag-action: 192.168.1.0/24 "blacklist" redirect
    access-control-tag-data: 192.168.1.0/24 "blacklist" "A 192.168.1.1"

    # LAN 2: same tag, different redirect target
    interface: 192.168.2.1
    access-control: 192.168.2.0/24 allow
    access-control-tag: 192.168.2.0/24 "blacklist"
    access-control-tag-action: 192.168.2.0/24 "blacklist" redirect
    access-control-tag-data: 192.168.2.0/24 "blacklist" "A 192.168.2.1"

    # Blacklisted zones carry the tag; the per-client tag action overrides the zone type
    local-zone: domain-a.fr typetransparent
    local-zone-tag: domain-a.fr blacklist
    local-zone: domain-b.fr typetransparent
    local-zone-tag: domain-b.fr blacklist

forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4

------------------------------

What is working:
- A non-blacklisted domain is answered normally.
- A blacklisted domain is redirected to the server IP of the incoming LAN.

What I can't do:
- Writing the blacklisted domains into the log file. I am aware of the "inform" zone type, but I can't use it and redirect to the server IP address (with the blacklist tag) at the same time. I need a kind of "inform_redirect" zone type.

Do you have any idea how I can configure Unbound to work as expected?

Thank you.
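The report mentions an imported list of thousands of domains; writing those local-zone/local-zone-tag pairs by hand does not scale. The following generator is an added example, not part of the bug report or of Unbound itself: it turns a plain domain list into an include file in the form used in the configuration above, validates each name, and drops entries already covered by a listed parent zone (a local-zone applies to the name and everything below it, so listing both would be redundant). The tag name and zone type are taken from the report; the input list is constructed for the test.

```python
"""Build an Unbound include file of tagged local-zones from a blacklist.

Added example, not Unbound's own code. Emits, per domain:
    local-zone: <name> typetransparent
    local-zone-tag: <name> "blacklist"
Names under an already listed zone are pruned, since a local-zone also
covers its subdomains. Label rules follow RFC 1035 hostname syntax.
"""
import re
from typing import List, Optional, Tuple

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(name: str) -> Optional[str]:
    """Lower-case, strip whitespace and trailing dot; None if not a valid name."""
    name = name.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    if any(not LABEL_RE.match(label) for label in name.split(".")):
        return None
    return name


def prune_subdomains(names: List[str]) -> List[str]:
    """Keep only names that have no listed parent zone (parents first)."""
    kept = set()
    for n in sorted(set(names), key=lambda s: s.count(".")):
        parts = n.split(".")
        if any(".".join(parts[i:]) in kept for i in range(1, len(parts))):
            continue  # covered by a shorter zone already in the list
        kept.add(n)
    return sorted(kept)


def render(domains: List[str], tag: str = "blacklist",
           zone_type: str = "typetransparent") -> str:
    """Format the local-zone / local-zone-tag pairs for a server: clause."""
    lines = []
    for d in domains:
        lines.append(f"    local-zone: {d} {zone_type}")
        lines.append(f'    local-zone-tag: {d} "{tag}"')
    return "\n".join(lines) + "\n"


def build_include(raw_lines: List[str]) -> Tuple[str, List[str]]:
    """Return (include-file text, rejected raw entries); '#' starts a comment."""
    valid, rejected = [], []
    for line in raw_lines:
        line = line.split("#", 1)[0]
        if not line.strip():
            continue
        n = normalize(line)
        (valid if n else rejected).append(n or line.strip())
    return render(prune_subdomains(valid)), rejected
```

Write the returned text to a file and reference it with an `include:` directive inside the `server:` clause, and review the rejected list rather than silently dropping it.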