upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-23 16:20:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

refused stops retries.

Browse source 
git-svn-id: file:///svn/unbound/trunk@823 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2008-01-02 13:48:19 +00:00
parent 317938efba
commit e7cb0f27cc
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
doc/Changelog
View file

@ -1,3 +1,8 @@
2 January 2008: Wouter
- fixup typo in requirements.
- document that 'refused' is a better choice than 'drop' for
the access control list, as refused will stop retries.
7 December 2007: Wouter 7 December 2007: Wouter
- unbound-host has a -d option to show what happens. This can help - unbound-host has a -d option to show what happens. This can help
with debugging (why do I get this answer). with debugging (why do I get this answer).

3
doc/unbound.conf.5
View file

@ -168,6 +168,9 @@ Deny stops queries from hosts from that netblock.
Refuse stops queries too, but sends a DNS rcode REFUSED error message back. Refuse stops queries too, but sends a DNS rcode REFUSED error message back.
Allow gives access to clients from that netblock. Allow gives access to clients from that netblock.
By default only localhost is allowed, the rest is refused. By default only localhost is allowed, the rest is refused.
The default is refused, because that is protocol-friendly. The DNS protocol
is not designed to handle dropped packets due to policy, and dropping may
result in (possibly excessive) retried queries.
.It \fBchroot:\fR <directory> .It \fBchroot:\fR <directory>
If given a chroot is done to the given directory. The default is If given a chroot is done to the given directory. The default is
"/etc/unbound". If you give "" no chroot is performed. "/etc/unbound". If you give "" no chroot is performed.