mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
refused stops retries.
git-svn-id: file:///svn/unbound/trunk@823 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
317938efba
commit
e7cb0f27cc
2 changed files with 8 additions and 0 deletions
|
|
@ -1,3 +1,8 @@
|
|||
2 January 2008: Wouter
|
||||
- fixup typo in requirements.
|
||||
- document that 'refused' is a better choice than 'drop' for
|
||||
the access control list, as refused will stop retries.
|
||||
|
||||
7 December 2007: Wouter
|
||||
- unbound-host has a -d option to show what happens. This can help
|
||||
with debugging (why do I get this answer).
|
||||
|
|
|
|||
|
|
@ -168,6 +168,9 @@ Deny stops queries from hosts from that netblock.
|
|||
Refuse stops queries too, but sends a DNS rcode REFUSED error message back.
|
||||
Allow gives access to clients from that netblock.
|
||||
By default only localhost is allowed, the rest is refused.
|
||||
The default is refused, because that is protocol-friendly. The DNS protocol
|
||||
is not designed to handle dropped packets due to policy, and dropping may
|
||||
result in (possibly excessive) retried queries.
|
||||
.It \fBchroot:\fR <directory>
|
||||
If given a chroot is done to the given directory. The default is
|
||||
"/etc/unbound". If you give "" no chroot is performed.
|
||||
|
|
|
|||
Loading…
Reference in a new issue