How to do views in Unbound DNS Server

Question

How would I use the BIND "views" feature in Unbound? I don't seem to be able to find anything online regarding this.

Answer 1

https://nlnetlabs.nl/documentation/unbound/unbound.conf/#access-control-view

server:
    access-control-view: 192.168.4.4 view-test

view:
    name: "view-test"
    local-zone: "example.com" always_nxdomain

Answer 2

Unbound doesn't support split-horizon DNS. It's primarily meant as a recursive and caching nameserver, and has only limited support for serving authoritative answers.

You can sort of fake it in some circumstances through its stub zone feature and/or its local-data option, but for the normal scenario you'd use split-horizon DNS for (a network with RFC1918 addresses), Unbound has nothing.

Answer 3

If you really really want to stick with Unbound, you could possibly fake it by running multiple instances of Unbound on different ip addresses and then using iptables to forward based on the source address.

Taking 192.0.2.1 as the ip of your server and 198.51.100.0/24 as the range you want to present a different view to, you could do something like follows:

• Unbound 1: Bound to 192.168.0.2.1:53
• Unbound 2: Bound to 127.0.0.1:53 (or another ip address on the loopback adapter)

In iptables put the following rules (untested, but should work):

iptables -A PREROUTING -s 198.51.100.0/24 -p udp -m udp --dport 53 -j DNAT --to 127.0.0.1:53
iptables -A PREROUTING -s 198.51.100.0/24 -p tcp -m tcp --dport 53 -j DNAT --to 127.0.0.1:53

However, I don't recommend going this way as Bind is the better tool for this job, and hacks like the above become a pain to admin further down the line.

Answer 4

No, Unbound is "only" a resolver. Try an authoritative nameserver software instead.

Wikipedia has a feature matrix explicitly mentioning 'split horizon':

http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software#Feature_matrix