# if unbound is running service for the local host then it is useful
# to perform lan-wide lookups to the upstream, and unblock the
# long list of local-zones above. If this unbound is a dns server
- # for the network, likely the default is better and stops information
+ # for a network of computers, disabled is better and stops information
# leakage of local lan information.
# unblock-lan-zones: no
Default is disabled. If enabled, then for private address space,
the reverse lookups are no longer filtered. This allows unbound when
running as dns service on a host where it provides service for that host,
-to put out all of the queries for the 'lan' upstream. By default is no,
-that is for unbound running as a (DHCP-) DNS network resolver for a group
-of machines, where such lookups should be filtered (RFC compliance),
-this also stops potential data leakage about the local network to the
-upstream DNS servers.
+to put out all of the queries for the 'lan' upstream. When enabled,
+only localhost, 127.0.0.1 reverse and ::1 reverse zones are configured
+with default local zones. Disable the option when unbound is running
+as a (DHCP-) DNS network resolver for a group of machines, where such
+lookups should be filtered (RFC compliance), this also stops potential
+data leakage about the local network to the upstream DNS servers.
.TP
.B local\-zone: \fI<zone> <type>
Configure a local zone. The type determines the answer to give if
else O_UNS(opt, "val-override-date", val_date_override)
else O_YNO(opt, "minimal-responses", minimal_responses)
else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin)
- else O_YNO(opt, "unblock_lan_zones", unblock_lan_zones)
+ else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones)
else O_DEC(opt, "max-udp-size", max_udp_size)
else O_STR(opt, "python-script", python_script)
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
projects / thirdparty / unbound.git / commitdiff
