2010/5/16 Alexander E. Patrakov <patrakov at gmail.com>

> 16.05.2010 22:01, Carsten Krüger wrote:
>
>> Hello,
>>
>> is it possible with unbound to allow only lookups on whitelisted
>> domains and answer all others with 127.0.0.1 or NXDOMAIN?
>
> No.

Well, I wouldn't be so strict, something like this could probably be done
using forwarding:

    # each forwarder entry needs its own forward-zone: clause in unbound.conf
    forward-zone:
        name: whitelist1.dom
        forward-addr: 1.2.3.4

    forward-zone:
        name: whitelist2.dom
        forward-addr: 1.2.3.4

    # catch-all: everything not whitelisted above goes to the dummy server
    forward-zone:
        name: .
        forward-addr: <ip_of_dummy_nameserver_returning always nxdomain, f.e. running on 127.0.0.2>

But you are doing it wrong. DNS is a bad place for this kind of filtering.
Implementing a transparent HTTP proxy with a block list, or even simple
firewall rules, is better.

Protection at the DNS level is very fragile and could probably be easily
circumvented if not implemented together with strict firewall rules.

Ondrej
--
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
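
The "dummy nameserver returning always nxdomain" that the reply above relies on could be as small as this UDP responder. It is an added example, not part of the original message or of unbound; the address 127.0.0.2 follows the message, while port 5353, the function names and the sample query are assumptions constructed here.

```python
import socket
import struct

# Constructed sample: query id 0x1234, RD set, one question "blocked.example" A IN.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                + b"\x07blocked\x07example\x00" + struct.pack("!HH", 1, 1))

def build_nxdomain_response(query):
    """Return an NXDOMAIN reply for a DNS query, or None if the packet is unusable."""
    if len(query) < 12:
        return None
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:   # already a response, or not exactly one question
        return None
    pos = 12                             # walk the QNAME labels after the 12-byte header
    while True:
        if pos >= len(query):
            return None                  # truncated name
        length = query[pos]
        if length & 0xC0:
            return None                  # compression pointer: not expected in a query
        pos += 1 + length
        if length == 0:
            break
    end = pos + 4                        # QTYPE and QCLASS follow the name
    if end > len(query):
        return None
    # QR=1, opcode and RD copied from the query, RA=1, RCODE=3 (NXDOMAIN)
    rflags = 0x8000 | (flags & 0x7900) | 0x0080 | 3
    header = struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0)
    return header + query[12:end]        # echo the question, no answer records

def serve(host="127.0.0.2", port=5353):
    """Answer every UDP query with NXDOMAIN (UDP only; port is an assumption)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, peer = sock.recvfrom(4096)
        reply = build_nxdomain_response(data)
        if reply is not None:
            sock.sendto(reply, peer)

if __name__ == "__main__":
    serve()
```

With this listening on 127.0.0.2 port 5353, the catch-all entry would read `forward-addr: 127.0.0.2@5353`; unbound's `do-not-query-localhost` option defaults to `yes` and has to be set to `no` before it will forward to a 127.0.0.0/8 address.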