Restrict forward-zones access

Charles-antoine Guillat-Guignard xarli at xarli.net
Thu Nov 12 14:39:58 UTC 2015


Hello,

I am looking for a way to restrict the clients to which Unbound should
answer on a specific domain. For instance, answer to ranges defined by
the RFC1918 in general, but only allow access to example.local for the
clients in the 10.0.0.0/8 range.

To be more explicit, the aim is to prevent some clients (although they
are legitimate in the general case, and should be answered for external
domains) to query some internal domain names (private TLD).

If I cannot do anything else, I will go for multiple instances, which is
far from being optimal (would mean more resources, multiple instances of
cached answers, necessity to use mutiple IP addresses,etc...).

Thank you in advance.

Regards,

Charles-Antoine Guillat-Guignard

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20151112/c49f1ccd/attachment.bin>


More information about the Unbound-users mailing list