stubzone text.

git-svn-id: file:///svn/unbound/trunk@841 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2008-01-11 10:18:48 +00:00
parent 2756924a44
commit ad78119e19
2 changed files with 30 additions and 0 deletions

@ -1,3 +1,7 @@
11 January 2008: Wouter
- man page, warning removed.
- added text describing the use of stub zones for private zones.
10 January 2008: Wouter
- typo in example.conf.
- made using ldns-src that is included the package more portable

@ -395,6 +395,10 @@ no match from local\-data. The types are deny, refuse, static, transparent,
redirect, nodefault, and are explained below. After that the default settings
are listed. Use local\-data: to enter data into the local zone. Answers for
local zones are authoritative DNS answers. By default the zones are class IN.
.IP
If you need more complicated authoritative data, with referrals, wildcards,
CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
it as detailed in the stub zone section below.
.TP 10
\h'5'\fIdeny\fR
Do not send an answer, drop the query.
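Review bot: The paragraph added after "By default the zones are class IN." is repeated word for word in the next hunk of this file, after the local\-data TXT example, so the local zone text will carry the same pointer twice. Keep it in one place, or reduce one copy to a short cross-reference. In both copies "setup a stub\-zone" uses the noun where the verb "set up" is meant, and "the stub zone section below" could name the heading, "Stub Zone Options", so a reader can search for it.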
@ -500,12 +504,34 @@ further processing. If local\-data is configured that is not a subdomain of
a local\-zone, a transparent local\-zone is configured.
For record types such as TXT, use single quotes, as in
local\-data: 'example. TXT "text"'.
.IP
If you need more complicated authoritative data, with referrals, wildcards,
CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
it as detailed in the stub zone section below.
.SS "Stub Zone Options"
.LP
There may be multiple
.B stub\-zone:
clauses. Each with a name: and zero or more hostnames or IP addresses.
For the stub zone this list of nameservers is used. Class IN is assumed.
.P
The stub zone can be used to configure authoritative data to be used
by the resolver that cannot be accessed using the public internet servers.
This is useful for company\-local data or private zones. Setup an
authoritative server on a different host (or different port). Enter a config
entry for unbound with
.B stub\-addr:
<ip address of host[@port]>.
The unbound resolver can then access the data, without referring to the
public internet for it.
.P
This setup allows DNSSEC signed zones to be served by that
authoritative server, in which case a trusted key entry with the public key
can be put in config, so that unbound can validate the data and set the AD
bit on replies for the private zone (authoritative servers do not set the
AD bit). This setup makes unbound capable of answering queries for the
private zone, and can even set the AD bit ('authentic'), but the AA
('authoritative') bit is not set on these replies.
.TP
.B name: \fI<domain name>
Name of the stub zone.
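Review bot: The DNSSEC paragraph at the end of the new "Stub Zone Options" text says "a trusted key entry with the public key can be put in config" without naming the option or pointing to where it is documented, so a reader cannot tell from this section how to configure the key that validation of the private zone depends on. Name the option there, or refer to the section that describes it. The same paragraph states the AD bit behaviour twice ("set the AD bit on replies for the private zone" and "can even set the AD bit ('authentic')"); one sentence that ends with the AA bit caveat would be clearer. In the paragraph before it, "Setup an authoritative server" should read "Set up", and stub\-addr: is introduced in running text while the only option entry visible in this hunk is name:, so check that stub\-addr: has its own .TP entry further down.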