Unbound 1.6.0rc1 prerelease

W.C.A. Wijngaards wouter at nlnetlabs.nl
Fri Dec 16 08:02:01 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Spike,

No unbound.conf doesn't have regexps in the local-zone strings.
That is more like something a python module could do.

Best regards, Wouter

On 15/12/16 20:18, Spike wrote:
> Brilliant, thank you Wouter for your insight, this is enough to get
> us off of the python module at least on half of our instances. I've
> clearly still much to learn about unbound and how to leverage its
> power.
> 
> For some other cases however in the python script I'm using simple 
> regexps and I'm wondering if there is any way to use wildcards in
> the local-zone string. So, following from your example, could I do
> something like:
> 
> local-zone: "domain.tld" static local-zone: "www*.domain.tld"
> transparent
> 
> so that nothing resolves except www1.domain.tld, www2.domain.tld
> etc.
> 
> thanks,
> 
> Spike
> 
> On Thu, Dec 15, 2016 at 12:16 AM W.C.A. Wijngaards via
> Unbound-users <unbound-users at unbound.net
> <mailto:unbound-users at unbound.net>> wrote:
> 
> Hi Spike,
> 
> Just wanted to add a small comment:
> 
> On 15/12/16 05:04, Spike via Unbound-users wrote:
>> unfortunately in some cases I need inverted regexps/whitelists,
>> for example allow sub.domain.tld but otherwise block
>> *.domain.tld. As
> far as
>> I could see you can't do that with local-data.
> 
> Yes this is possible, with local-zone: "domain.tld" static 
> local-zone: "sub.domain.tld" transparent
> 
> The most specific match is used.  The sub.domain.tld resolves
> normally. But other queries, like foo.domain.tld, get NXDOMAIN.
> 
> Best regards, Wouter
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJYU590AAoJEJ9vHC1+BF+NXugQAImFApg5tkCAOcsSnPR90RjB
WeA9IMK9gs8Zo/7kiSE3VDOCcTrnffs/n4RIKxnCOPvk+qGCX7+muX/y3v7n7Y/O
Ik6Oqcy4P+xu36vP+HIXSsHcpOw9mzhFDbr3xN3728GIO87qbrHS7FK8DxqmpYhU
kd4Mejbq/bDi06i8QYHnaADfFF01Lw4+wrT4BsTn3eTE2t7DGt3t+YCt2Ql+xcf3
3YIf5qOv7E4ZZzxEAt+pAKgyJpZ5LI5K3sMUwoMBYpRiz3cCQDROL98xnvFShmCC
X5TrAuAgIYM/O5JxjVxX2jfFt3uCvDHKnJvKUod+R4Ge7KXDYFsoM5lQa9VMg7Ug
4xCAZD4ryXTHLzW8Rj6laxwVOpMHJBnx+siJtGqp/6tbc1wBI/mDxs7YBjVSrt7z
ynpTp3PxIpNVVe+J9dQkQijOlm0633fEIx87B229inJrfQT0VHyP8ep+x++1jP2F
M1QcPu0ReRPDqy8xwx/JM5+Oex1A/+FLp5wD0SWdJbt70DXy5hNhAYd8cKeR+zbw
f2d5vilftLPaY8BEeA8cKiR1sjrs9b64wTmg+IKLw9jZ0t6YlLO1ZUx0NnhT3c+G
5Q7xzgG27KKQPB+TIIUtxgXXLRo306bw70MjeS1o7zT+iaeyzVDSJdxWPTOw3fiu
gPZarGW/3Mj9n0IiX6TS
=cnOn
-----END PGP SIGNATURE-----

More information about the Unbound-users mailing list