将所有的ipv6地址设置为private-address,这样unbound转发域名有ipv6结果时不返回给查询的客户端。
如果对单独的域名进行过滤新建一个server实例,然后forward-zone转发特定域名到过滤ipv6的端口。
server:
port: 5350
do-ip4: yes
do-ip6: no
private-address: ::/0
interface: 0.0.0.0
access-control: 127.0.0.0/8 allow
access-control: 192.168.0.0/16 allow
msg-cache-size: 4m
rrset-cache-size: 4m
cache-max-ttl: 3600
cache-min-ttl: 300
hide-identity: yes
hide-version: yes
prefetch: yes
num-threads: 4
do-not-query-localhost: no
#minimal-responses: yes
#qname-minimisation: yes
#tcp-upstream: yes
#verbosity: 1
#logfile: "/var/log/unbound.log"
forward-zone:
name: "."
forward-addr: 114.114.114.114prefetch当查询时且缓存离过期时间还有10%时预请求并更新dns缓存,如果期间无查询请求不更新。
参考:
https://lost-and-found-narihiro.blogspot.com/2011/10/unbound-prefetch.html
https://nlnetlabs.nl/pipermail/unbound-users/2018-January/010444.html
https://calomel.org/unbound_dns.html
https://nlnetlabs.nl/documentation/unbound/unbound.conf/
https://www.nlnetlabs.nl/svn/unbound/trunk/doc/example.conf.in
标签:none