Basic question about using Unbound to always_nxdomain
-
Hello,
This is a very basic question, I know.
I have Unbound on a VM and a stub zone pointed at a BIND Authoritative server. Since the Unbound host is a Linux VM (Fedora Server) - I have the freedom to do certain things. One thing I have done is create a zone file to block specific DNS hosts on my network. My zone file kind of looks like;
server:
    local-zone: "zyrtec.1.p2l.info" always_nxdomain
I also have Unbound on my PFSense appliance set with a Domain Override which is also pointed at my BIND server for my local "domain". It works great. (Tested by spinning up a VM and pointing the DNS at the PFSense appliance in systemd-networkd.)
My questions are;
- How can I do the equivalent of local-zone: "zyrtec.1.p2l.info" always_nxdomain in pfsense?
- Does pfsense create a zone file for these entries, and if so - where is it? I have written a Python library that automates creating that zone file.
Thank you.
-
@swills1 if you click the Display Custom Options button you can paste that right in the field. :)
Don’t know about the details; never looked. It gets written into the config file and anything else will likely get overwritten anyway.
-
@steveits where is the config?
Thanks!
-
@swills1 here:
-
@steveits Thanks. I meant where is the file in the file system. You've given me enough to go on though. Thanks again.
-
unbound doesn't have zone files like 'bind' has.
It's (only) a resolver, not really an authoritative DNS server.
Just one config file: /var/unbound/unbound.conf, although this file can pull in other files.
-
@gertjan I'm talking about config files.
I mentioned BIND above and stub zones. I think context lets you know I know what an Authoritative server is. I also talk about using Unbound and BIND in conjunction. Indicating I know they each serve a different purpose. Otherwise, why would I have both? :) Also, talking about nxdomain typically lets you know a person knows what recursive DNS is.
I Googled where the config was earlier for pfsense. When installing Unbound on an actual full OS - you get a directory and the config looks for *.conf in that directory.
My overall issue was just needing to know where the config was in regard to pfsense because I knew it wasn't going to be /etc/unbound. And knowing how pfsense handled config entries out of the box. Whether it used a separate config, the main config, or something else.
Thanks for the reply. Appreciate your time.
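
An added example, not code from any poster in this thread and not the Python library mentioned in the first post: one way to generate the local-zone lines discussed above from a list of hostnames, rejecting entries whose quotes or newlines would break out of the quoted name in unbound.conf. The function names, the sample list and the server_clause switch are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphen, underscore; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")


def normalize(name):
    """Return a lower-cased hostname without trailing dot, or None if invalid."""
    name = name.strip().rstrip(".").lower()
    if not name or len(name) > 253:
        return None
    # fullmatch (not match with $) so a label ending in a newline is rejected.
    if not all(_LABEL.fullmatch(label) for label in name.split(".")):
        return None
    return name


def render_blocklist(names, server_clause=True):
    """Build local-zone lines; returns (config_text, rejected_entries)."""
    seen, rejected = [], []
    for raw in names:
        host = normalize(raw)
        if host is None:
            rejected.append(raw)      # keep the raw value for review
        elif host not in seen:
            seen.append(host)         # de-duplicate after normalizing
    lines = ["server:"] if server_clause else []
    indent = "    " if server_clause else ""
    lines += [f'{indent}local-zone: "{h}" always_nxdomain' for h in sorted(seen)]
    return "\n".join(lines) + "\n", rejected


# Constructed sample input; the fourth entry carries a quote and a newline,
# which would close the quoted name and start a second directive.
SAMPLE = [
    "zyrtec.1.p2l.info",
    "ZYRTEC.1.p2l.info.",
    "ads.example.com",
    'ads.example" static\nlocal-zone: "example.org',
    "bad..example",
]

if __name__ == "__main__":
    text, bad = render_blocklist(SAMPLE)
    print(text, end="")
    print("rejected:", bad)
```

With server_clause=False the output is the bare local-zone lines, for use where a server: clause is already supplied.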