unbound with local-zone: option
luzar722 at gmail.com
Mon Aug 28 14:52:54 UTC 2017
Host is running release 11.1 and I enabled the built in unbound.
Have public internet provided by Time Warner and using their DNS
servers. Also have LAN behind host.
The goal is to deny access to facebook.com at the local host level for
all LAN devices.
The first "service local_unbound onestart" command auto created all
kinds of files in /var/unbound and /etc.
I added this line into the /var/unbound/unbound.conf file
before the first include: statement
(i.e. include: /var/unbound/forward.conf):
local-zone: "facebook.com" static
"service local_unbound onestart" command got no errors but issuing drill
or host commands for facebook still brought up info when I expected to
After a lot of trial and error I finally decided to start over again. I
deleted all the files in /var/unbound and issued the
"service local_unbound onestart" command which I expected would rebuild
all the needed files anew. But this time it issued error messages about
being unable to create some files.
I am now dead in space with the only option being to install a fresh
copy of 11.1.
Is the built-in version of unbound only usable as a local caching
resolver? Meaning it will not process local-zone: statements in the
How do I get unbound to re-init itself cleanly?
When does unbound get control? Is it after the firewall does its NATing
and releases the packet to the public interface?
talks about DNSSEC, but is not very clear in meaning.
I issued "drill -S FreeBSD.org", for which I assume the provided DNS IP
addresses in /etc/resolv.conf are being used; it resulted in this.
DNSSEC Trust tree:
You have not provided any trusted keys.
;; Chase successful
Is this good or bad and does it have any bearing on the host built in