DNS Resolver Access Lists¶

Unbound requires access lists (ACLs) to control which clients are allowed to submit queries. By default, IPv4 and IPv6 networks residing on internal interfaces of this firewall are permitted. Additional networks must be allowed manually.

Note

The automatic ACLs may be disabled using the Disable Auto-added Access Control option on the Advanced Settings tab.

To manage Access Lists for the DNS Resolver, navigate to Services > DNS Resolver, Access Lists tab. From this list, new entries may be added and existing entries may be edited or deleted.

When adding or editing an entry, the following options are available:

Access List Name

The name for the Access List, which appears as a comment in the access list configuration file.

Action

Method for handling the networks contained in this Access List

Deny: Stops queries from clients in the configured networks
Refuse: Stops queries from clients in the configured networks and sends back a REFUSED response code
Allow: Allows queries from clients in the configured networks
Allow Snoop: Allows recursive and nonrecursive queries from clients in the configured networks, used for cache snooping, and typically only configured on administrative hosts.

Description

A longer text field for reference notes about this entry.

Networks

A list of networks to be governed by this access list entry.