Re: Re: Off-topic: unbound configuration

Uwe Drießen driessen at fblan.de
Fri May 28 13:48:22 CEST 2021



You didn't read all I wrote :-)

Finally, we want to add at least one entry that tells Unbound where to forward requests to for recursion. Note that we could forward specific domains to specific DNS servers. In this example, I'm just going to forward everything out to a couple of DNS servers on the Internet:

forward-zone:
        name: "."
        forward-addr: 1.1.1.1
        forward-addr: 8.8.8.8

There you can put in the holder for the rDNS and for which zone.

The zone "." is for everything that is not local.
Or you try as zone name: ".box" and the forward-addr: 192.168.178.1

Update to unbound 1.13
and take a look at man unbound
.....-----------------------------------
       The default zones are localhost, reverse 127.0.0.1 and ::1, the onion, test, invalid and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved IP addresses for which the servers on the internet
       cannot provide correct answers. They are configured by default to give nxdomain (no reverse information) answers. The defaults can be turned off by specifying your own local-zone of that name, or using the 'nodefault' type.
       Below is a list of the default zone contents.

            localhost
                 The IP4 and IP6 localhost information is given. NS and SOA records are provided for completeness and to satisfy some DNS update tools. Default content:
                 local-zone: "localhost." redirect
                 local-data: "localhost. 10800 IN NS localhost."
                 local-data: "localhost. 10800 IN
                     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
                 local-data: "localhost. 10800 IN A 127.0.0.1"
                 local-data: "localhost. 10800 IN AAAA ::1"

            reverse IPv4 loopback
                 Default content:
                 local-zone: "127.in-addr.arpa." static
                 local-data: "127.in-addr.arpa. 10800 IN NS localhost."
                 local-data: "127.in-addr.arpa. 10800 IN
                     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
                 local-data: "1.0.0.127.in-addr.arpa. 10800 IN
                     PTR localhost."

            reverse IPv6 loopback
                 Default content:
                 local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
                     0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
                 local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
                     0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
                     NS localhost."
                 local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
                     0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
                     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
                 local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
                     0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
                     PTR localhost."

            onion (RFC 7686)
                 Default content:
                 local-zone: "onion." static
                 local-data: "onion. 10800 IN NS localhost."
                 local-data: "onion. 10800 IN
                     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"

            test (RFC 6761)
                 Default content:
                 local-zone: "test." static
                 local-data: "test. 10800 IN NS localhost."
                 local-data: "test. 10800 IN
                     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"

            invalid (RFC 6761)
                 Default content:
                 local-zone: "invalid." static
                 local-data: "invalid. 10800 IN NS localhost."
                 local-data: "invalid. 10800 IN
                     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"

            reverse RFC1918 local use zones
                 Reverse data for zones 10.in-addr.arpa, 16.172.in-addr.arpa to 31.172.in-addr.arpa, 168.192.in-addr.arpa.  The local-zone: is set static and as local-data: SOA and NS records are provided.

            reverse RFC3330 IP4 this, link-local, testnet and broadcast
                 Reverse data for zones 0.in-addr.arpa, 254.169.in-addr.arpa, 2.0.192.in-addr.arpa (TEST NET 1), 100.51.198.in-addr.arpa (TEST NET 2), 113.0.203.in-addr.arpa (TEST NET 3), 255.255.255.255.in-addr.arpa.  And from
                 64.100.in-addr.arpa to 127.100.in-addr.arpa (Shared Address Space).

            reverse RFC4291 IP6 unspecified
                 Reverse data for zone
                 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
                 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.

            reverse RFC4193 IPv6 Locally Assigned Local Addresses
                 Reverse data for zone D.F.ip6.arpa.

            reverse RFC4291 IPv6 Link Local Addresses
                 Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa.

            reverse IPv6 Example Prefix
                 Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for tutorials and examples. You can remove the block on this zone with:
                   local-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
                 You can also selectively unblock a part of the zone by making that part transparent with a local-zone statement.  This also works with the other default zones.

       local-data: "<resource record string>"
            Configure local data, which is served in reply to queries for it.  The query has to match exactly unless you configure the local-zone as redirect. If not matched exactly, the local-zone type determines further processing.
            If local-data is configured that is not a subdomain of a local-zone, a transparent local-zone is configured.  For record types such as TXT, use single quotes, as in local-data: 'example. TXT "text"'.

            If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub-zone for it as detailed in the stub zone section below.

I think everything you want to have is named there :-)



Kind regards

Uwe Drießen
--
Software & Computer

Networks, servers.
We network you and your computers!

Uwe Drießen
Lembergstraße 33
67824 Feilbingert

Tel.: 06708660045

"If digitalisation increases the effort compared with the analogue way of working so much that we would only ever have to sit at the PC, then it is time to consider returning to the analogue way of working."
"Programmers must learn how people think."
"Digitalisation does not mean that there is LESS work. It is the intelligent way of transferring the required work to the customer."
"Digitalisation must not lead to the disenfranchisement and disadvantaging of older, glasses-wearing fellow citizens."
"There are paper documents over 2000 years old, stone documents 10000 years old; I bet the oldest electronic document is not yet 100 years old."




> -----Original Message-----
> From: J. Fahrner [mailto:jf at fahrner.name]
> Sent: Friday, 28 May 2021 12:33
> To: Uwe Drießen
> Subject: Re: Re: Off-topic: unbound configuration
> 
> Hello Uwe,
> 
> On 2021-05-28 09:37, Uwe Drießen wrote:
> > Which version is your unbound?
> >
> > I have 1.13.1 here
> 
> I have 1.9.0
> 
> > include: "/etc/unbound/unbound.conf.d/unbound_IP-Adresses"
> >
> > local-zone: "fritz.box" redirect
> > local-data: "fritz.box A 192.168.178.1"
> 
> That would be for forward resolution, which does work. My problem
> is reverse resolution, i.e. something with 178.168.192.in-addr.arpa.
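
Added example, not part of the original message and not code from the unbound project: a small Python helper that works out which default local-zone from the man page excerpt covers a LAN's reverse zone and builds the config lines that unblock only that part and forward it to the local resolver. The function names are hypothetical; the network 192.168.178.0/24 and the resolver 192.168.178.1 are taken from the thread, and the blocked-zone list is only the private, link-local and shared-address subset of the excerpt.

```python
import ipaddress

# Subset of the reverse zones unbound answers itself by default, taken from
# the man page excerpt: RFC 1918, link-local and shared address space.
DEFAULT_BLOCKED = (
    ["10.in-addr.arpa.", "168.192.in-addr.arpa.", "254.169.in-addr.arpa."]
    + [f"{n}.172.in-addr.arpa." for n in range(16, 32)]
    + [f"{n}.100.in-addr.arpa." for n in range(64, 128)]
)


def reverse_zone(network):
    """Return the in-addr.arpa zone for a /8, /16 or /24 IPv4 network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 networks are handled")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def blocking_default(zone):
    """Return the default local-zone that covers `zone`, or None."""
    for blocked in DEFAULT_BLOCKED:
        if zone == blocked or zone.endswith("." + blocked):
            return blocked
    return None


def unbound_stanza(network, resolver):
    """Build config lines sending reverse lookups for `network` to `resolver`."""
    ipaddress.ip_address(resolver)  # raises ValueError if not an IP address
    zone = reverse_zone(network)
    lines = []
    if blocking_default(zone):
        # Unblock only this part of the default zone by making it transparent,
        # as the man page describes; the rest keeps answering nxdomain locally.
        lines += ["server:", f'        local-zone: "{zone}" transparent']
    lines += [
        "forward-zone:",
        f'        name: "{zone}"',
        f"        forward-addr: {resolver}",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    print(unbound_stanza("192.168.178.0/24", "192.168.178.1"))
```

Unblocking only the one /24 keeps PTR queries for the other private ranges answered locally instead of leaving through the "." forward-zone to the public forwarders.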



More information about the postfix-users mailing list