Hi Wouter,
On Tue, Feb 11, 2014 at 09:37:27AM +0100, W.C.A. Wijngaards wrote:
> > On 2014-02-10, at 16:17, Jiri Bohac <[email protected]> wrote:
>
> The options are called deny_non_local and refuse_non_local. They
> differ in what you want them to do with the disallowed
> non-authoritative queries (drop or refuse, refuse is nicer and is more
> like a regular authority server).
I looked at the patch, but that only adds acl options for local
zones. My authoritative zones are served by a locally running
NSD (on a nonstandard port) that unbound uses through a stub
zone.
Do you think adding another two options, e.g.
deny_non_stub
refuse_non_stub
would make sense?
Or perhaps changing
deny_non_stub to deny_non_recursive
and
refuse_non_stub to refuse_non_recursive
... and differentiating based on the DR bit of the request,
instead of the zone?
I can make, test and post the patches.
Thanks,
--
Jiri Bohac
e-mail/jabber: [email protected]
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
