General Settings

The first tab is labeled General Settings, and the first section on the page is General DNS Resolver Options. The first option is Enable, which enables Unbound, and is checked by default. The next option is Listen Port, which allows you to set the port used for responding to DNS queries. The default port is port 53 (DNS traditionally uses port 53 and the UDP protocol, although DNS also uses TCP for responses larger than a datagram, including DNSSEC and some IPv6 lookups, so take this into account when creating firewall rules for DNS).

The Network Interfaces list box allows you to select which interface IPs are used by Unbound to respond to queries from clients. Queries to interfaces not selected are discarded. If Unbound is enabled, however, you must select either All or localhost for this option. The Outgoing Network Interfaces list box allows you to choose which network interfaces the DNS resolver may use to send queries to authoritative servers and receive their replies.

When there is no domain match from local data, System Domain Local Zone Type determines how the DNS resolver handles the query. There are several options available in this drop-down box:

  • Deny: The DNS resolver will only answer the query if there is a match in the local data. If there is no such match, then the query will be dropped silently.
  • Refuse: This option is similar to Deny, except that when there is no match from the local data, the rcode REFUSED will be returned, so the client knows the query was refused.
  • Static: The DNS resolver looks for a match in the local data. If there is no match, it returns nodata or nxdomain, but it will also return the Start of Authority (SOA) for the root domain, provided that such information exists in the local data.
  • Transparent: The DNS resolver will answer the query from local data if there is a match. If there is no match in local data, the query will be passed on to upstream DNS servers. If there is a match in the local data, but the type of data for which the query is being made does not exist in the local data, then the DNS resolver will return a noerror/nodata message.
  • Type Transparent: This option is similar to Transparent, but in cases in which there is a match in the local data but the type of data being asked for does not exist, the DNS resolver will pass the query on to upstream DNS servers.
  • Redirect: The DNS resolver will attempt to answer the query from local data. If there is no local data other than the zone name, the query will be redirected.
  • Inform: Identical to Transparent, except that the client IP address and port number will also be logged.
  • Inform/Deny: Identical to Deny, except that the query will be logged.
  • No Default: Default contents for AS112 zones will not be returned by queries.
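
The differences between these zone types are easiest to see side by side. The following is an added example, not code from Unbound or pfSense: a small Python model of the decisions listed above, using a constructed zone (lab.example.), constructed records, and a constructed log format. The redirect branch follows Unbound's documented behavior of answering every name under the zone from the zone name's own data.

```python
# Added illustration: models the zone-type decisions described in the list
# above. Zone name, records and client address are constructed samples.
LOCAL_ZONE = "lab.example."
LOCAL_DATA = {  # (owner name, record type) -> rdata
    ("lab.example.", "A"): "192.0.2.1",
    ("nas.lab.example.", "A"): "192.0.2.10",
}

def resolve(zone_type, qname, qtype, client=("198.51.100.7", 40000), log=None):
    """Return (action, detail) for a query that falls inside LOCAL_ZONE."""
    if zone_type in ("inform", "inform_deny") and log is not None:
        # Constructed log format: client IP, source port, query name and type.
        log.append(f"{client[0]}@{client[1]} {qname} {qtype}")
    if zone_type == "redirect":
        # Every name under the zone is answered from the zone name's own data.
        rdata = LOCAL_DATA.get((LOCAL_ZONE, qtype))
        return ("answer", rdata) if rdata else ("nodata", None)
    rdata = LOCAL_DATA.get((qname, qtype))
    if rdata is not None:
        return ("answer", rdata)          # a local-data match always wins
    name_exists = any(owner == qname for owner, _ in LOCAL_DATA)
    if zone_type in ("deny", "inform_deny"):
        return ("drop", None)             # silent: the client sees a timeout
    if zone_type == "refuse":
        return ("refused", None)          # rcode REFUSED
    if zone_type == "static":
        return ("nodata" if name_exists else "nxdomain", None)
    if zone_type in ("transparent", "inform"):
        # Name known locally but not this type: NOERROR/NODATA, no upstream.
        return ("nodata", None) if name_exists else ("upstream", None)
    if zone_type == "typetransparent":
        return ("upstream", None)         # never synthesizes a negative answer
    raise ValueError(f"unknown zone type: {zone_type}")

if __name__ == "__main__":
    for zt in ("deny", "refuse", "static", "transparent",
               "typetransparent", "redirect", "inform", "inform_deny"):
        print(f"{zt:16}",
              resolve(zt, "nas.lab.example.", "AAAA")[0],   # name yes, type no
              resolve(zt, "ghost.lab.example.", "A")[0])    # name unknown
```

The AAAA column is the case that separates Transparent from Type Transparent: a host with only a local A record gets a local nodata answer under Transparent, while Type Transparent lets the AAAA query leave the firewall for upstream servers.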