I have always done:

    local-zone: "badsite.org" redirect

Thank you,
Steven

-------- Original Message --------
On Mar 17, 2022, 10:16, Marc Franquesa via Unbound-users wrote:

> I'm implementing a sinkhole using unbound. Almost all documentation/examples I
> found configure the blocked domains as:
>
>     local-zone: "zone" inform_deny
>
> As per the unbound documentation, 'deny' drops the query. My understanding is
> that a client querying that domain will experience a timeout during DNS
> resolution. This would cause added delay/latency in resolution and even
> the client falling back to another DNS server (and maybe getting a positive
> answer).
>
> So instead of 'inform_deny', I use 'always_nxdomain' to get an immediate
> response and stop the resolution process on the client.
>
> However, this way I lose the logging feature provided by 'inform'.
>
> How could I get this / which would be the recommended setup?
>
> - Quickly get a no-way response (NODATA/NXDOMAIN/...) which doesn't cause any
>   latency/delay on the client, while
> - Recording clients querying the blacklisted domains
>
> BTW, I'm reviewing the use of RPZ on unbound to achieve the same, as I like
> the way they are implemented. I suppose this method will also have a
> different setup to achieve the same (immediate negative response and logging
> the suspicious client).
>
> Thanks much for any idea/suggestion on the right path.
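An added unbound.conf example (not part of this thread) showing how the local-zone approach and the RPZ approach can each return an immediate negative answer and still log the querying client, using the directives documented in unbound.conf(5); the zone name "other-badsite.example", the RPZ zone file path and the log name are placeholders:

```conf
server:
    # Log hits for every local-zone type, not only the 'inform*' ones, so an
    # 'always_nxdomain' zone records the client while answering at once
    # instead of dropping the query the way 'inform_deny' does.
    # Lines go to the normal log destination (logfile / use-syslog).
    log-local-actions: yes

    # Option A: immediate NXDOMAIN, client logged via log-local-actions.
    local-zone: "badsite.org" always_nxdomain

    # Option B: the 'redirect' approach from this thread, with logging added.
    # 'inform_redirect' answers from local-data like 'redirect' and logs the
    # client address like 'inform'. Unroutable targets give the client an
    # immediate but unusable answer rather than a timeout.
    local-zone: "other-badsite.example" inform_redirect
    local-data: "other-badsite.example A 0.0.0.0"
    local-data: "other-badsite.example AAAA ::"

# Option C: the same block list as an RPZ feed with built-in logging.
# The zone file (placeholder path) holds standard RPZ records, e.g.
#   badsite.org     CNAME .    ; NXDOMAIN action
#   *.badsite.org   CNAME .    ; also cover subdomains
rpz:
    name: "sinkhole.rpz.local"
    zonefile: "/etc/unbound/sinkhole.rpz.zone"
    # Force every trigger in this zone to NXDOMAIN regardless of the action
    # encoded in the record, so a client never sees a drop/timeout.
    rpz-action-override: nxdomain
    # One log line per applied action, tagged for easy filtering.
    rpz-log: yes
    rpz-log-name: "sinkhole"
```

With either option the client gets its negative answer immediately, and each hit produces a log line containing the querying client's address, which is what the thread asks for.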
