====== Networking - DNS - Unbound - Local Zones ======

A number of locally served zones can be configured:

<code>
local-zone:
local-data: ""
</code>

**NOTE:** The local-zone **type** can be:

  * **deny** serves local data (if any), else, drops queries.
  * **refuse** serves local data (if any), else, replies with error.
  * **static** serves local data, else, nxdomain or nodata answer.
  * **transparent** gives local data, but resolves normally for other names.
  * **redirect** serves the zone data for any subdomain in the zone.
  * **nodefault** can be used to normally resolve AS112 zones.
  * **typetransparent** resolves normally for other types and other names.
  * **inform** acts like transparent, but logs client IP address.
  * **inform_deny** drops queries and logs client IP address.
  * **inform_redirect** redirects queries and logs client IP address.
  * **always_transparent** resolves in that way but ignores local data for that name.
  * **always_refuse** resolves in that way but ignores local data for that name.
  * **always_nxdomain** resolves in that way but ignores local data for that name.
  * **noview** breaks out of that view towards global local-zones.

**NOTE:** If you configure **local-data** without specifying **local-zone**, by default a transparent local-zone is created for the data.

----

===== Example =====

Suppose you have a printer in your LAN.

You can connect to that printer by using its known IP address, for example 192.168.1.100.

However, wouldn't you rather give a human-readable name to that printer?

**NOTE:** Unbound is not an authoritative server, so it cannot manage a full zone with all its bells and whistles directly. However, it is able to manage a small home LAN.

<code>
private-address: 192.168.1.0/24

local-zone: "sharewiz.net." static

local-data: "gateway.sharewiz.net. IN A 192.168.1.1"
local-data: "server1.sharewiz.net. IN A 192.168.1.2"
local-data: "computer.sharewiz.net. IN A 192.168.1.69"
local-data: "printer.sharewiz.net. IN A 192.168.1.100"

local-data-ptr: "192.168.1.1 gateway.sharewiz.net"
local-data-ptr: "192.168.1.2 server1.sharewiz.net"
local-data-ptr: "192.168.1.69 computer.sharewiz.net"
local-data-ptr: "192.168.1.100 printer.sharewiz.net"
</code>

**NOTE:** This assumes that the LAN is using 192.168.1.0/24 as the network.

The **private-address** directive prevents addresses in your LAN from being returned for public Internet names. This step prevents DNS rebinding attacks.

The **local-zone** directive defines all domains under sharewiz.net as local.

The word **static** means that the static entries defined in the configuration file are used as DNS entries.

Each of the **local-data** entries assigns a name to an address. For example, 192.168.1.100 would be assigned the name printer.sharewiz.net.

If you queried the Unbound server for a name in the sharewiz.net zone that did not exist, it would be answered with an NXDOMAIN message.

Alternatively, **transparent** could be used instead of static. A transparent local zone is one in which the server tries to resolve the name of a host by other means if it has no static entry for it in its configuration.

The **local-data-ptr** entries are optional and define reverse DNS information. Reverse DNS is, as the expression implies, the opposite of DNS. A reverse DNS query asks "What is the name of the host with the address 192.168.1.100?"
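
An added example, not part of the original page: a small Python lint for a configuration like the one above. It checks that every **local-data** A record sits under a declared **local-zone**, that its address is covered by a **private-address** range (so rebinding protection applies to that host), and that any **local-data-ptr** for the address names the same host. The names ''lint'' and ''norm'', the hosts ''nas'' and ''scanner'', and the address 10.0.0.5 are constructed for illustration.

```python
import ipaddress

# Constructed sample: part of the page's zone plus two deliberate mistakes
# (an address outside private-address, and a PTR naming the wrong host).
SAMPLE_CONF = '''
private-address: 192.168.1.0/24
local-zone: "sharewiz.net." static
local-data: "gateway.sharewiz.net. IN A 192.168.1.1"
local-data: "printer.sharewiz.net. IN A 192.168.1.100"
local-data: "nas.sharewiz.net. IN A 10.0.0.5"
local-data-ptr: "192.168.1.1 gateway.sharewiz.net"
local-data-ptr: "192.168.1.100 scanner.sharewiz.net"
'''

def norm(name):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.rstrip(".").lower()

def lint(conf):
    """Return a list of consistency problems found in an unbound.conf fragment."""
    nets, zones, fwd, ptr, issues = [], [], {}, {}, []
    for raw in conf.splitlines():
        key, _, rest = raw.split("#")[0].partition(":")
        f = rest.replace('"', " ").split()
        key = key.strip()
        if key == "private-address" and f:
            nets.append(ipaddress.ip_network(f[0]))
        elif key == "local-zone" and f:
            zones.append(norm(f[0]))
        elif key == "local-data" and len(f) >= 3 and f[-2].upper() == "A":
            fwd[norm(f[0])] = ipaddress.ip_address(f[-1])
        elif key == "local-data-ptr" and len(f) >= 2:
            ptr[ipaddress.ip_address(f[0])] = norm(f[-1])
    for name, addr in sorted(fwd.items()):
        if not any(name == z or name.endswith("." + z) for z in zones):
            issues.append(f"{name}: not under any local-zone")
        if not any(addr in n for n in nets):
            issues.append(f"{name}: {addr} not covered by private-address")
        if addr in ptr and ptr[addr] != name:
            issues.append(f"{name}: PTR for {addr} names {ptr[addr]}")
    return issues

if __name__ == "__main__":
    for issue in lint(SAMPLE_CONF):
        print(issue)
```

Run it against the real configuration file before reloading Unbound; an empty result means forward records, reverse records and the private-address ranges agree.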