https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238819
Dag-Erling Smørgrav <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Open |Closed Resolution|--- |Works As Intended --- Comment #1 from Dag-Erling Smørgrav <[email protected]> --- (In reply to tschweikle from comment #0) > Missing are: > - allow localhost to query This is the built-in default. > - allow private addresses > - allow private addresses reverse lookup This is what “unblock-lan-zones” and “insecure-lan-zones” are for. > - dont cache failed requests to forwarders (may lead to problems if your > printer was turned of, you tried to print, and then you notice it is turned > of. You turn it on and then: printing just fails, because unbound did cache > the "notfound"). Unless your printer is also your DNS server, it being off will in no way affect Unbound's behavior. Since you're running FreeBSD 12, I recommend switching to DNS over TLS, as described here: https://blog.des.no/2018/10/dns-over-tls-in-freebsd-12/ If you have a local DNS server that serves private zones, you will need to add an exception for those zones. Put something like this in /var/unbound/conf.d/private-zones.conf, then run `local-unbound-control reload`: forward-zone: # Replace "example.local" with the name of your zone and # "172.16.0.1" with the IP address of your local DNS server. name: example.local. forward-addr: 172.16.0.1 # Allow your zone to contain RFC 1918 addresses. private-domain: "example.local." # Ignore DNSSEC errors for your zone. domain-insecure: "example.local." # Do not use TLS for this forwarder. forward-tls-upstream: no # Fall back to the main forwarder if this one fails. # This is rarely needed, but it doesn't hurt. forward-first: yes -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
