Unbound + NSD

Hi,

I configured NSD as an authoritative name server. It works fine.

On the same server I configured unbound and use the "stub-zone" directive to query the name server.

How do I configure unbound to allow ALL IPs to query all zones in the NSD name server (like an authoritative name server) but limit recursion (e.g. a query for A for google.fr) to a subnet only?

I tried to configure "access-control" but with no result.

Could you help me?

What is my mistake?

Have a nice day

jean

It seems like you are trying to use unbound to provide access to
authoritative DNS as well as DNS resolver on the same IP address.

This won't work because the AA flag won't be set correctly.
(for proof that this is a problem, see the analysis of Microsoft's
recent attempt at "cleaning" the no-ip DNS zones..)

What you *could* do, is run separate nsd on a different port,
and use firewall rules to redirect external addresses to it.
Otherwise use separate IP addresses for nsd and unbound.

Sorry, wrong explanation about the AA flag; I was mistaken. If it
was just that, it would likely be logged as a lame delegation but
should still query. It is the RD flag that will cause problems.

To prove it to yourself, use "dig +norecurse" and point it at
1. unbound with the stub-zone configuration and 2. nsd directly.

More explanation at
http://www.unchartedbackwaters.co.uk/pyblosxom/microsoft_noip_dos
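
The "dig +norecurse" comparison suggested above, as an added example that is not part of the original thread: it builds a query with RD cleared and reads the AA, RD, RA and RCODE fields from the reply header. The function names and the `ask()` helper are hypothetical, and the two sample headers are constructed bytes labelled only by what their flags say, not captures from unbound or nsd.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, recurse=False, txid=0x1234):
    """Build a DNS query; recurse=False clears RD, like dig +norecurse."""
    flags = 0x0100 if recurse else 0x0000          # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".") if l) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # QCLASS IN

def parse_header(msg):
    """Decode the 12-byte DNS header of a reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "answers": an,
    }

def describe(msg):
    """One-line verdict to compare the two servers side by side."""
    h = parse_header(msg)
    if h["rcode"] == "REFUSED":
        return "refused"
    if h["answers"]:
        return "authoritative answer" if h["aa"] else "non-authoritative answer"
    return "no answer"

def ask(server, port, name, recurse=False, timeout=2.0):
    """Send the query over UDP to a server you operate; returns raw reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, recurse=recurse), (server, port))
        return s.recvfrom(4096)[0]

# Constructed sample reply headers (not captured from any server).
SAMPLE_AA = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)       # QR+AA, 1 answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8085, 1, 0, 0, 0)  # QR+RA, REFUSED
```

Run `describe(ask(...))` once against each listener with the same name and compare the two verdicts.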