Hi,
Is it possible to have interface-specific access controls?
For example, have an open ACL for the DoT listener
but a more restrictive ACL on the plain DNS listener interface?
I haven't seen a way to link access-control to interface
statements.
thanks,
Christoph
Let’s say you have two interfaces. 1 and 2. Suppose DNS over TLS is at interface 1.
Is interface 1 your upstream? Is it 2? Neither?
In what way would you like interface 1, or interface 2, to be more privileged than the other interface,
or to let more access-control than the other?
Perhaps others managed to understand your question better than me.
Can you post your configuration file?
ronvarburg@yahoo.com wrote:
Let's say you have two interfaces. 1 and 2. Suppose DNS over TLS is
at interface 1. Is interface 1 your upstream? Is it 2?
Neither? In what way would you like interface 1, or interface 2, to
be more privileged than the other interface, or to let more
access-control than the other?
When I say "interface" I'm referring to
unbound's "interface:" config directive (not a network interface eth0,
eth1, ...).
The use case is:
DoT (853) should have an ACL of
access-control: 0.0.0.0/0 allow
access-control: ::0/0 allow
DNS (53) should have a restrictive ACL (only whitelisted netblocks).
Is that possible or does that require multiple unbound instances?
thanks,
Christoph