- [some global config]
- server:
- chroot: /var/unbound
- username: unbound
- directory: /var/unbound
- pidfile: /var/run/unbound.pid
- root-hints: /root.hints
- use-syslog: yes
- verbosity: 2
- do-ip4: yes
- do-udp: yes
- do-tcp: yes
- do-daemonize: yes
- serve-expired: no
- jostle-timeout: 200
- auto-trust-anchor-file: /var/unbound/root.key
- prefetch: no
- [some tag defs]
- define-tag: client_group_A
- define-tag: client_group_B
- [some tagging rules, a bit like this]
- if (client_IP in subnet 10.0.0.0/16) then: tag=client_group_A
- if (client_IP in subnet 10.1.0.0/16) then: tag=client_group_B
- if (client_IP in subnet 10.2.0.0/16) then: tag=client_group_C
- if (client_port == 53) then: tag=client_group_A
- if (client_port == 1053) then: tag=client_group_B
- [finally, some views, a bit like this]
- if (tagged with client_group_A) then: {
- "." forwarding rules applicable to client_group_A
- some local-zone and local-data to serve to client_group_A
- }
- if (tagged with client_group_B) then: {
- "." forwarding rules applicable to client_group_B
- some local-zone and local-data to serve to client_group_B
- }
- if (tagged with client_group_C) then: {
- no forwarding rules - authoritative responses only for 2 specific domains
- }
- if (untagged) then: {
- "." forwarding rules applicable to untagged clients
- some local-zone and local-data to serve to untagged clients
- }
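
The subnet-based part of the sketch above, written with unbound's tag and view options (an added example, not part of the original paste). It covers only the rules keyed on client subnet and the local-zone/local-data parts; the port-based rules and the per-group forwarding rules are not covered. The zone names, the view name `group_c` and the 192.0.2.x addresses are constructed placeholders.

```conf
# Added example with constructed values: zone names use the reserved
# .example TLD and answers come from 192.0.2.0/24 (documentation range).
server:
    access-control: 10.0.0.0/16 allow
    access-control: 10.1.0.0/16 allow
    access-control: 10.2.0.0/16 allow

    # Tags are declared as one quoted, space-separated list.
    define-tag: "client_group_A client_group_B"

    # Tag clients by source netblock.
    access-control-tag: 10.0.0.0/16 "client_group_A"
    access-control-tag: 10.1.0.0/16 "client_group_B"

    # A tagged local-zone is applied only to clients whose
    # access-control element shares at least one tag with it.
    local-zone: "portal.example." redirect
    local-zone-tag: "portal.example." "client_group_A client_group_B"

    # Different answers for the same name, chosen per group.
    access-control-tag-action: 10.0.0.0/16 "client_group_A" redirect
    access-control-tag-data: 10.0.0.0/16 "client_group_A" "A 192.0.2.10"
    access-control-tag-action: 10.1.0.0/16 "client_group_B" redirect
    access-control-tag-data: 10.1.0.0/16 "client_group_B" "A 192.0.2.20"

    # Group C is mapped to a view instead of a tag.
    access-control-view: 10.2.0.0/16 "group_c"

view:
    name: "group_c"
    # view-first: no (the default) means names that do not match in this
    # view are not looked up in the global local-zones.
    view-first: no
    # Two placeholder domains answered from local data only.
    local-zone: "one.example." static
    local-data: "one.example. IN A 192.0.2.30"
    local-zone: "two.example." static
    local-data: "two.example. IN A 192.0.2.31"
    # Every other name is refused for this group.
    local-zone: "." refuse
```

Running `unbound-checkconf` on the merged file validates the syntax before the daemon is reloaded.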