MoinQ: DNS/実装/unbound/unbound.conf/local-zone

DNS/unbound/unbound.conf/local-zoneについて、ここに記述してください。

local-zone: <zone> <type>

• Configure a local zone. The type determines the answer to give if there is no match from local-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetranspar- ent, and are explained below. After that the default settings are listed. Use local-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN.

• If you need more complicated authoritative data, with referrals,
  • wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup a stub-zone for it as detailed in the stub zone section below.
  • deny Do not send an answer, drop the query. If there is a match
    • from local data, the query is answered.
    refuse
    • Send an error message reply, with rcode REFUSED. If there is a match from local data, the query is answered.
    static
    • If there is a match from local data, the query is answered. Otherwise, the query is answered with nodata or nxdomain. For a negative answer a SOA is included in the answer if present as local-data for the zone apex domain.
    transparent
    • If there is a match from local data, the query is answered. Otherwise if the query has a different name, the query is resolved normally. If the query is for a name given in localdata but no such type of data is given in localdata, then a noerror nodata answer is returned. If no local-zone is given local-data causes a transparent zone to be created by default.
    typetransparent
    • If there is a match from local data, the query is answered. If the query is for a different name, or for the same name but for a different type, the query is resolved normally. So, similar to transparent but types that are not listed in local data are resolved normally, so if an A record is in the local data that does not cause a nodata reply for AAAA queries.
    redirect
    • The query is answered from the local data for the zone name. There may be no local data beneath the zone name. This answers queries for the zone, and all subdomains of the zone with the local data for the zone. It can be used to redirect a domain to return a different address record to the end user, with local-zone: "example.com." redirect and local-data: "example.com. A 127.0.0.1" queries for www.exam- ple.com and www.foo.example.com are redirected, so that users with web browsers cannot access sites with suffix exam- ple.com.
    nodefault
    • Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'node- fault' option has no other effect than turning off default contents for the given zone.

The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones.

• The AS112 zones are reverse DNS zones for private use and
  • reserved IP addresses for which the servers on the internet cannot pro- vide correct answers.

• They are configured by default to give nxdomain
  • (no reverse information) answers. The defaults can be turned off by specifying your own local-zone of that name, or using the 'nodefault' type. Below is a list of the default zone contents.
    • localhost
      • The IP4 and IP6 localhost information is given. NS and SOA records are provided for completeness and to satisfy some DNS update tools. Default content: local-zone: "localhost." static local-data: "localhost. 10800 IN NS localhost." local-data: "localhost. 10800 IN
        • SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "localhost. 10800 IN A 127.0.0.1" local-data: "localhost. 10800 IN AAAA ::1"
      reverse IPv4 loopback
      • Default content: local-zone: "127.in-addr.arpa." static local-data: "127.in-addr.arpa. 10800 IN NS localhost." local-data: "127.in-addr.arpa. 10800 IN
        • SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "1.0.0.127.in-addr.arpa. 10800 IN
        • PTR localhost."
      reverse IPv6 loopback
      • Default content: local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
        • 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
        local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
        • 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost."
        local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
        • 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
        local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
        • 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost."
      reverse RFC1918 local use zones
      • Reverse data for zones 10.in-addr.arpa, 16.172.in-addr.arpa to 31.172.in-addr.arpa, 168.192.in-addr.arpa. The local-zone: is set static and as local-data: SOA and NS records are provided.
      reverse RFC3330 IP4 this, link-local, testnet and broadcast
      • Reverse data for zones 0.in-addr.arpa, 254.169.in-addr.arpa, 2.0.192.in-addr.arpa (TEST NET 1), 100.51.198.in-addr.arpa (TEST NET 2), 113.0.203.in-addr.arpa (TEST NET 3), 255.255.255.255.in-addr.arpa. And from 64.100.in-addr.arpa to 127.100.in-addr.arpa (Shared Address Space).
      reverse RFC4291 IP6 unspecified
      • Reverse data for zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
      reverse RFC4193 IPv6 Locally Assigned Local Addresses
      • Reverse data for zone D.F.ip6.arpa.
      reverse RFC4291 IPv6 Link Local Addresses
      • Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa.
      reverse IPv6 Example Prefix
      • Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for tutorials and examples. You can remove the block on this zone with:
        • local-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
        You can also selectively unblock a part of the zone by making that part transparent with a local-zone statement. This also works with the other default zones.