DNS Resolver Access Lists
Unbound requires access lists (ACLs) to control which clients are allowed to submit queries. By default, IPv4 and IPv6 networks residing on internal interfaces of this firewall are permitted. Additional networks must be allowed manually.
The automatic ACLs may be disabled using the Disable Auto-added Access Control option on the Advanced Settings tab.
To manage access lists for the DNS Resolver, navigate to Services > DNS Resolver, Access Lists tab. This page has controls to add new entries as well as edit or delete existing entries.
When adding or editing an entry, the following options are available:
- Access List Name
The name for the access list, which appears as a comment in the access list configuration file.
Controls how Unbound will handle queries for networks contained in this access list.
Stops queries from clients in the configured networks
Stops queries from clients in the configured networks and sends back a
Allows queries from clients in the configured networks
- Allow Snoop
Allows recursive and non-recursive queries from clients in the configured networks, used for cache snooping, and typically only configured on administrative hosts.
- Deny Nonlocal
Allow only authoritative local-data queries from hosts within the network on this ACL. Unbound will drop disallowed messages.
- Refuse Nonlocal
Allow only authoritative local-data queries from hosts within the network on this ACL. Unbound sends back a REFUSED response code for disallowed messages.
A longer text field for reference notes about this entry.
A list of IPv4 or IPv6 networks governed by this access list entry.