DNS Resolver Access Lists
Unbound requires access lists (ACLs) to control which clients are allowed to submit queries. By default, IPv4 and IPv6 networks residing on internal interfaces of this firewall are permitted. Additional networks must be allowed manually.
Note
The automatic ACLs may be disabled using the Disable Auto-added Access Control option on the Advanced Settings tab.
To manage Access Lists for the DNS Resolver, navigate to Services > DNS Resolver, Access Lists tab. From this list, new entries may be added and existing entries may be edited or deleted.
When adding or editing an entry, the following options are available:
- Access List Name
The name for the Access List, which appears as a comment in the access list configuration file.
- Action
Method for handling the networks contained in this Access List:
  - Deny
  Stops queries from clients in the configured networks.
  - Refuse
  Stops queries from clients in the configured networks and sends back a REFUSED response code.
  - Allow
  Allows queries from clients in the configured networks.
  - Allow Snoop
  Allows recursive and nonrecursive queries from clients in the configured networks, used for cache snooping, and typically only configured on administrative hosts.
- Description
A longer text field for reference notes about this entry.
- Networks
A list of networks to be governed by this access list entry.
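To review a set of access list entries before or after applying them, the following added example (not part of the original documentation or the firewall's own code) parses entries written in Unbound's `access-control: <netblock> <action>` syntax, resolves which action applies to a client using Unbound's most-specific-netblock rule, and flags entries that allow non-internal sources or grant Allow Snoop to more than a single host. The sample configuration, the `INTERNAL` range list, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in unbound.conf syntax; every name and network is made up.
SAMPLE_CONF = """\
# LAN clients
access-control: 192.168.10.0/24 allow
# Admin workstation
access-control: 192.168.10.5/32 allow_snoop
# Guest VLAN
access-control: 192.168.20.0/24 refuse
# Lab: snooping granted to a whole subnet
access-control: 10.50.0.0/16 allow_snoop
# Resolver open to every IPv4 source
access-control: 0.0.0.0/0 allow
"""

# Ranges this audit treats as internal (an assumption; adjust per site).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

def parse_acls(text):
    """Return [(network, action)] for each access-control line."""
    acls = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("access-control:"):
            net, action = line.split(":", 1)[1].split()[:2]
            acls.append((ipaddress.ip_network(net, strict=False), action))
    return acls

def effective_action(acls, client):
    """Most specific matching netblock wins; None when nothing matches."""
    ip = ipaddress.ip_address(client)
    hits = [(n, a) for n, a in acls if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(acls):
    """Flag entries that permit more than the page's guidance suggests."""
    findings = []
    for net, action in acls:
        internal = any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)
        if action in ("allow", "allow_snoop") and not internal:
            findings.append((str(net), action, "permits queries from non-internal sources"))
        if action == "allow_snoop" and net.num_addresses > 1:
            findings.append((str(net), action, "cache snooping not limited to one host"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_acls(SAMPLE_CONF)):
        print(finding)
```

Because the most specific netblock wins, the order of entries does not change the result; a broad Allow entry still applies to every source that no narrower entry covers.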