I think unbound has built-in hints, which it will use unless something else is specified. So I doubt an empty file will change its behavior.

Specifying something bogus could prevent it, but local-zone as proposed by Yorgos seems a more maintainable solution.

Something like:

server:
  local-zone: "." "refuse"

It seems to work in a similar way to dnsmasq when it does not have forwarders configured. But it responds with known local data, for example localhost.

A bit of a problem is that if I define just subdomain forwarding, it will still return REFUSED.

But if I also configure local-zone: "test" "nodefault", where "test" is the subdomain with forwarders, it works well. And we do not have to publish false hints this way.

I think we just miss batch adding via unbound-control, if multiple commands need to be used for a single domain.

Cheers,
Petr

On 07. 10. 24 17:40, Grayhat via Unbound-users wrote:
an "empty" root-hints
I mean, a root-hints file containing something like (e.g.)

.                3600000  NS    a.fake.internal
a.fake.internal. 3600000  A     192.0.2.254
.                3600000  NS    b.fake.internal
b.fake.internal. 3600000  A     192.0.2.253
.                3600000  NS    c.fake.internal
c.fake.internal. 3600000  A     192.0.2.252

--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
