Can the unbound DNS server give different answers to DNS queries made on different interfaces (split-horizon)?
I did not see any indication in the manual that it could, but I may have missed something.
Add a comment
|
1 Answer
I am going to answer my own question after figuring out how to do it in Unbound directly.
You can't (as far as I can tell) provide a completely different configuration file for different interfaces, but you can use a combination of network addresses, views and access-control directives to tweak some DNS answers:
server:
# Listen on two interfaces (or use 0.0.0.0 to listen on all):
interface: 192.168.1.1 # LAN interface
interface: 10.0.25.1 # Other interface
# Define access controls
access-control: 192.168.1.1/24 allow # LAN interface
access-control: 10.0.25.1/24 allow # Other interface
# Specify custom local answers for each interface by using views:
access-control-view: 192.168.1.1/24 lan
access-control-view: 10.0.25.1/24 other
# Specify default local data:
local-data: "common.example.com. 10800 IN A 12.34.56.78"
# Custom data for LAN interface
view:
name: "lan"
local-data: "common.example.com. 10800 IN A 192.168.1.1"
# Custom data for Other interface
view:
name: "other"
local-data: "common.example.com. 10800 IN A 10.0.25.1"
By using this, Unbound will answer for common.example.com:
- 192.168.1.1 on the LAN interface
- 10.0.25.1 on the Other interface
- 12.34.56.78 on any other interface