Right, so when I create a wildcard zone and forward to nothing it stopped resolving my addresses as well. Any ideas? Aggelos Kanarelis Systems Engineer Arts Alliance Media Ltd T: +44 (0)20 7751 7525 / M: +44 (0) 7809427708 Aggelos.kanarelis at artsalliancemedia.com www.artsalliancemedia.com Landmark House Hammersmith Bridge Road London W6 9EJ Follow us on Twitter / Facebook / LinkedIn -----Original Message----- From: Sonic [mailto:sonicsmith at gmail.com] Sent: 27 November 2017 13:26 To: Aggelos Kanarelis <Aggelos.Kanarelis at artsalliancemedia.com> Cc: unbound-users at unbound.net Subject: Re: Configuration issue On Mon, Nov 27, 2017 at 8:10 AM, Aggelos Kanarelis <Aggelos.Kanarelis at artsalliancemedia.com> wrote: > > Thanks for your reply, but that will only have the queries answered by a different server. I don't want them answered at all. The endpoints that will be configured with that DNS server must only be able to resolve the domains that I will specifically configure with a forward zone. Everything else must be denied, sorry if I wasn't clear enough in my initial query. > Guess I misread that. Then don't use a wildcard forward and drop the validator module from the configuration): module-config: iterator Then unbound can only answer the configured forwards, stub-zones, and local data. Is that what you want?