Hi Aggelos, And also add local-zones name transparent for your names for which you also have the forward-zones. Those local-zones with the local zone type transparent make holes in the refuse policy for '.', and unbound uses the most specific local-zone, so unbound then allows the names that are transparent, but then denies all the other names.
Best regards, Wouter On 28/11/17 11:31, Aggelos Kanarelis wrote: > Hi Wouter > > > > So just to summarize. > > > > A local zone with "." refuse > > > > Then my existing forward zones? > > > > Thanks > > > > Aggelos Kanarelis > > Systems Engineer > > > > *Arts Alliance Media Ltd* > > T: +44 (0)20 7751 7525 / M: +44 (0)7809427708 > > aggelos.kanare...@artsalliancemedia.com > <mailto:aggelos.kanare...@artsalliancemedia.com>____ > > www.artsalliancemedia.com <http://www.artsalliancemedia.com/> > > > > Landmark House > Hammersmith Bridge Road > London W6 9EJ__ > > > > Follow us on Twitter <https://twitter.com/ArtsAllianceM/>/ Facebook > <http://www.facebook.com/pages/Arts-Alliance-Media/115700988468309>/ > LinkedIn <https://www.linkedin.com/company/arts-alliance-media> > > > > *From:*W.C.A. Wijngaards [mailto:wou...@nlnetlabs.nl] > *Sent:* 28 November 2017 08:15 > *To:* Aggelos Kanarelis <aggelos.kanare...@artsalliancemedia.com> > *Subject:* Re: Configuration issue > > > > Hi Aggelos, > > With that I mean you could have the defaults after the local-zone > statements that act to filter the inputs. And then unbound performs > regular recursive DNS server lookups. > > But you could also include the forward-zone: text from config that you > have already, and configure the lookups to be performed at particular > upstream servers. > > So I meant the pieces of text starting with forward-zone: > > Best regards, Wouter > > On 27/11/17 17:28, Aggelos Kanarelis wrote: >> Thanks Wouter >> >> >> >> I am a little green so what do you mean by forward clauses? How would I >> add those? >> >> >> >> Thanks >> >> >> >> Aggelos Kanarelis >> >> Systems Engineer >> >> >> >> *Arts Alliance Media Ltd* >> >> T: +44 (0)20 7751 7525 / M: +44 (0)7809427708 >> >> aggelos.kanare...@artsalliancemedia.com > <mailto:aggelos.kanare...@artsalliancemedia.com> >> <mailto:aggelos.kanare...@artsalliancemedia.com>____ >> >> www.artsalliancemedia.com <http://www.artsalliancemedia.com> > <http://www.artsalliancemedia.com/> >> >> >> >> Landmark House >> Hammersmith Bridge Road >> London W6 9EJ__ >> >> >> >> Follow us on Twitter <https://twitter.com/ArtsAllianceM/>/ Facebook >> <http://www.facebook.com/pages/Arts-Alliance-Media/115700988468309>/ >> LinkedIn <https://www.linkedin.com/company/arts-alliance-media> >> >> >> >> *From:*Unbound-users [mailto:unbound-users-boun...@unbound.net] *On >> Behalf Of *W.C.A. Wijngaards via Unbound-users >> *Sent:* 27 November 2017 16:09 >> *To:* unbound-users@unbound.net <mailto:unbound-users@unbound.net> >> *Subject:* Re: Configuration issue >> >> >> >> Hi, >> >> The order does not matter for local-zone, local-data, forward and stub >> clauses. Unbound picks the closest one. First the local-zone and >> local-data statements are processed. Then the cache of forward and stub >> data. Then the lookup vi forward and stub data. >> >> You could create a local-zone: "." refuse and local-zone: "example.com > <http://example.com> >> <http://example.com>" >> transparent for all of the names you want resolved. If you want those >> names forwarded somewhere, you can then also include forward clauses for >> those names. The other names are rejected. >> >> Best regards, Wouter >> >> On 27/11/17 15:09, Sonic via Unbound-users wrote: >>> Maybe post the unbound.conf file (no comment lines please). >>> >> >
signature.asc
Description: OpenPGP digital signature