I deal with a really fuzzy problem. For some reason we decided to create a resolver host that will only resolve several domains and reply with 'nodata' to any other requests. Ok, I've set up the machine, and set up unbound on it, then put some stub-zones into the config - works great. Now what I need is how to stop unbound from answering all other requests?
If I put
local-zone: "." static
in the config, no requests are answered at all; if I put it at the end of the config (so the stub-zones will be parsed first) I get a configuration error.
> I deal with a really fuzzy problem. For some reason we decided to
> create a resolver host that will only resolve several domains and reply
> with 'nodata' to any other requests. Ok, I've set up the machine, and
> set up unbound on it, then put some stub-zones into the config - works
> great. Now what I need is how to stop unbound from answering all other
> requests?
That is a weird configuration to decide on.
> If I put
> local-zone: "." static
> in the config, no requests are answered at all; if I put it at the end
> of the config (so the stub-zones will be parsed first) I get a configuration error.
Because it must be in the server: clause. You could make a new server:
clause at the end of the file, but actually, the order of statements
does not have an effect here.
> Is there any way to do what I need?
Put
local-zone: "serve-this.com" transparent
statements to punch holes in the "." static where resolution will
proceed normally. For all of the domains where you also have
stub-zones. Unbound picks the most specific local-zone and applies its
policy to the query, so you can nest local-zone definitions inside other
local-zones. (it also takes the most specific access-control
statements, stubs and forwards, by the way).
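The most-specific-match rule described in the reply above can be checked before deploying a config. The following is an added example, not part of the original thread and not Unbound's own code: a simplified parser that reports stub zones still covered by a static local-zone. The sample config, zone names and addresses are constructed placeholders, and the helper names are hypothetical.

```python
import re
# Constructed sample config; zone names and addresses are placeholders.
SAMPLE_CONF = """
server:
    local-zone: "." static
    local-zone: "serve-this.com" transparent
stub-zone:
    name: "serve-this.com"
    stub-addr: 192.0.2.10
stub-zone:
    name: "forgotten.example"
    stub-addr: 192.0.2.11
"""

def norm(name):  # lower-case, unquote, drop trailing dot; the root becomes ''
    return name.strip().strip('"').lower().rstrip(".")

def parse(conf):
    """Return ({local-zone name: type}, [stub-zone names])."""
    local_zones, stubs, clause = {}, [], None
    for raw in conf.splitlines():
        m = re.match(r"([\w-]+):\s*(.*)$", raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, rest = m.groups()
        if not rest:                      # a clause header such as "server:"
            clause = key
        elif key == "local-zone":
            if clause != "server":        # local-zone belongs in the server: clause
                raise ValueError("local-zone outside the server: clause")
            zone, ztype = rest.split()
            local_zones[norm(zone)] = ztype
        elif key == "name" and clause == "stub-zone":
            stubs.append(norm(rest))
    return local_zones, stubs

def policy(qname, local_zones):
    """Longest-suffix match: the most specific local-zone decides."""
    labels = [lab for lab in norm(qname).split(".") if lab]
    for i in range(len(labels) + 1):
        zone = ".".join(labels[i:])
        if zone in local_zones:
            return zone or ".", local_zones[zone]
    return None, "transparent"            # no local-zone: resolved normally

def blocked_stubs(conf):
    """Stub zones still covered by a static zone, i.e. no hole was punched."""
    local_zones, stubs = parse(conf)
    return [s for s in stubs if policy(s, local_zones)[1] == "static"]
```

Running `blocked_stubs(SAMPLE_CONF)` flags `forgotten.example`, the stub zone that has no matching transparent local-zone and would therefore never be resolved.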