Local Zones

Unbound can host local zone data to complement, control, or replace upstream DNS data. This feature is commonly used to supply local clients with host record responses that do not exist in upstream DNS servers, or to supply local clients with a different response, akin to a DNS view.

Local Zone Example

This basic example configures a local zone for example.com and two hostnames inside. If a client queries TNSR for these host records, it will respond with the answers configured in the local zone. If a client requests records for a host under example.com not listed in this local zone, then the query is resolved as usual though the usual resolver or forwarding server mechanisms.

tnsr(config)# unbound server
tnsr(config-unbound)# local-zone example.com
tnsr(config-unbound-local-zone)# type transparent
tnsr(config-unbound-local-zone)# hostname server.example.com
tnsr(config-unbound-local-host)# address 192.0.2.5
tnsr(config-unbound-local-host)# exit
tnsr(config-unbound-local-zone)# hostname db.example.com
tnsr(config-unbound-local-host)# address 192.0.2.6
tnsr(config-unbound-local-host)# exit

Local Zone Configuration

Local zones are configured in config-unbound mode (DNS Resolver Configuration) using the local-zone <zone-name> command. This defines a new local zone and enters config-unbound-local-zone mode.

Within config-unbound-local-zone mode, the following commands are available:

description <descr>:

A short text description of the zone

type <type>:

The type for this local zone, which can be one of:

transparent:

Gives local data, and resolves normally for other names. If the query matches a defined host but not the record type, the client is sent a NOERROR, NODATA response. This is the most common type and most likely the best choice for most scenarios.

typetransparent:

Similar to transparent, but will forward requests for records that match by name but not by type.

deny:

Serve local data, drop queries otherwise.

inform:

Like transparent, but logs the client IP address.

inform_deny:

Drops queries and logs the client IP address.

no_default:

Normally resolve AS112 zones.

redirect:

Serves zone data for any subdomain in the zone.

refuse:

Serve local data, else reply with REFUSED error.

static:

Serve local data, else NXDOMAIN or NODATA answer.

hostname <fqdn>:

Defines a new hostname within the zone, and enters config-unbound-local-host mode. A local zone may contain multiple hostname entries.

Note

Include the domain name when creating a hostname entry.

Inside config-unbound-local-host mode, the following commands are available:

description <descr>:

A short text description of this host

address <ip-address>:

The IPv4 or IPv6 address to associate with this hostname for forward and reverse (PTR) lookups.