Specifically in this case I want to prevent wpad.<whatever> lookups. Seems I can refuse to answer the query with:

    local-zone: "wpad.<whatever>." refuse

or send effectively invalid information:

    local-data: "wpad.<whatever>. A 127.0.0.1"

- or via a stub-zone auth server (nsd) method

The network in question has a mix of corporate owned and privately owned systems, the users have full control over their privately owned systems however they must use the local unbound cache for DNS as only the server running unbound has egress to port 53. DHCP assigns only this one DNS server to the internal clients.

Is one more effective than the other? Does a refusal effectively stop further inquiries from the client? Or would it free up the client sooner, longer or more effectively to send it the localhost address?

Is one possibly more effective against a rogue DNS server on the network? Or against a rogue system with a hostname of wpad (maybe advertising itself via NetBIOS - hopefully static WINS entries prevent this - or some other method)?

Thank you,
Chris

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
