From: Arthur Chance
To: "B.J.Scharp", freebsd-questions@freebsd.org
Subject: Re: Unbound as local DNS cacher, overwrite some domains
Date: Tue, 13 Oct 2015 11:57:08 +0100
Message-ID: <561CE384.6040304@qeng-ho.org>
In-Reply-To: <561CD9FD.6020204@itsacon.net>

On 13/10/2015 11:16, B.J.Scharp wrote:
> Hello,
>
> I have a setup where there are several machines on a LAN that have both
> internal and external addresses. I would like to use Unbound as a local
> DNS cacher that provides the internal address when queried, while the
> external (authoritative) DNS gives the external address.
>
> Example:
>
> mail.example.org is on the LAN.
>
> If a laptop is used on-site, the DHCP gives the FreeBSD server as the
> primary DNS server.
>
> That DNS server returns the LAN address when queried for
> mail.example.org, but defers to a higher-up machine when queried for,
> e.g., www.google.com
>
> Next the laptop is taken out of the LAN, and when it queries the
> external DNS for mail.example.org, it gets the WAN address for the
> server. (for this reason I don't want to use the hosts file on the
> laptop, nor use addresses like example.local).
>
> So basically, I want Unbound to be authoritative for some addresses, but
> not necessarily for entire domains (not all hosts for the domain are on
> that LAN, so for most queries, the normal authoritative DNS can be used).
> It's more like a LAN-wide hosts file.
>
> Is this possible with Unbound, and if so, where do I start?

Take a look at the local-zone, local-data and local-data-ptr directives.
You can totally override a zone or simply make changes and additions to
one depending on the type specified in local-zone.

-- 
Those who do not learn from computing history are doomed to GOTO 1
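
An unbound.conf fragment for the scenario in the question, using the directives named in the reply. This is an added example, not part of the original thread; the host names, the LAN addresses and the upstream forwarder 192.0.2.53 are constructed placeholders.

```conf
# Added example, not from the original thread. All names and addresses
# below are constructed placeholders.
server:
    # "transparent": a name that has local-data is answered from it;
    # every other name under example.org is resolved normally, so hosts
    # that are not on the LAN keep their public records.
    local-zone: "example.org." transparent

    # LAN-side addresses for the hosts that live on this network.
    local-data: "mail.example.org. IN A 192.168.1.10"
    local-data: "files.example.org. IN A 192.168.1.11"

    # Reverse (PTR) records for the same hosts, so lookups by address
    # on the LAN return the same names.
    local-data-ptr: "192.168.1.10 mail.example.org"
    local-data-ptr: "192.168.1.11 files.example.org"

    # Other zone types and how they differ:
    #   transparent     a query for a listed name but an unlisted record
    #                   type (e.g. AAAA for mail.example.org) gets an
    #                   empty NOERROR answer; it is NOT sent upstream.
    #   typetransparent such a query IS resolved upstream, so a LAN
    #                   client may receive the public AAAA/MX data and
    #                   bypass the internal address.
    #   static          total override: any name under the zone without
    #                   local-data gets NXDOMAIN or an empty answer.

# Everything not answered from local data goes to the "higher-up"
# resolver (assumed here to be 192.0.2.53).
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
```

Running unbound-checkconf against the file reports syntax errors before the daemon is restarted.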