A number of locally served zones can be configured:
local-zone: <zone> <type>
local-data: "<resource record string>"
NOTE: The local-zone type can be:
NOTE: If you configure local-data without specifying local-zone, by default a transparent local-zone is created for the data.
Suppose you have a printer in your LAN.
You can connect to that printer by using its known IP address, for example 192.168.1.100.
However, wouldn't you rather give that printer a human-readable name?
NOTE: Unbound is not an authoritative server, so it cannot manage a full zone with all its bells and whistles directly.
However, it is able to manage a small home LAN.
private-address: 192.168.1.0/24
local-zone: "sharewiz.net." static
local-data: "gateway.sharewiz.net. IN A 192.168.1.1"
local-data: "server1.sharewiz.net. IN A 192.168.1.2"
local-data: "computer.sharewiz.net. IN A 192.168.1.69"
local-data: "printer.sharewiz.net. IN A 192.168.1.100"
local-data-ptr: "192.168.1.1 gateway.sharewiz.net"
local-data-ptr: "192.168.1.2 server1.sharewiz.net"
local-data-ptr: "192.168.1.69 computer.sharewiz.net"
local-data-ptr: "192.168.1.100 printer.sharewiz.net"
NOTE: This assumes that the LAN is using 192.168.1.0/24 as the network.
The private-address directive prevents addresses in your LAN from being returned for public Internet names: Unbound removes any such address from the DNS answers it receives. This step prevents DNS rebinding attacks. Names that you configure with local-data are still allowed to contain these private addresses.
The local-zone directive defines all domains under sharewiz.net as local. The static keyword means that the static entries defined in the configuration file are used as DNS entries. Each of the local-data entries assigns a name to an address. For example, 192.168.1.100 would be assigned the name printer.sharewiz.net. If you queried the Unbound server for a name in the sharewiz.net zone that did not exist, it would be answered with an NXDOMAIN message. Alternatively, transparent could be used instead of static. A transparent local zone is one in which the server tries to resolve the name of a host by other means if it has no static entry for it in its configuration.
The local-data-ptr entries are optional and define reverse DNS information. Reverse DNS is, as the expression implies, the opposite of DNS. A reverse DNS query asks “What is the name of the host with the address 192.168.1.100?”
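The private-address filter and the difference between static and transparent can be seen in a small model of the decision Unbound makes for an A query. This is an added example, not Unbound's code and not part of the original page; it is a simplified model covering A records only, and the `upstream` mapping, the result labels and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample mirroring the page's configuration (two hosts kept for brevity).
CONF = '''
private-address: 192.168.1.0/24
local-zone: "sharewiz.net." static
local-data: "gateway.sharewiz.net. IN A 192.168.1.1"
local-data: "printer.sharewiz.net. IN A 192.168.1.100"
'''

def parse(conf):
    """Collect private ranges, local zones and local A records from config text."""
    private, zones, data = [], {}, {}
    for line in conf.splitlines():
        key, _, val = line.strip().partition(":")
        val = val.strip()
        if key == "private-address":
            private.append(ipaddress.ip_network(val))
        elif key == "local-zone":
            name, ztype = val.split()
            zones[name.strip('"').lower()] = ztype
        elif key == "local-data":
            name, _cls, rtype, addr = val.strip('"').split()
            if rtype == "A":
                data[name.lower()] = addr
    return private, zones, data

def answer(qname, conf, upstream):
    """Model an A query. `upstream` (hypothetical stand-in for recursion) maps
    fully qualified names to the address a remote server would return."""
    private, zones, data = parse(conf)
    qname = qname.lower()
    if not qname.endswith("."):
        qname += "."
    if qname in data:                        # local-data is answered directly
        return ("LOCAL", data[qname])
    zone = next((z for z in zones if qname == z or qname.endswith("." + z)), None)
    if zone and zones[zone] == "static":     # static: no entry means NXDOMAIN
        return ("NXDOMAIN", None)
    addr = upstream.get(qname)               # transparent, or outside any local zone
    if addr is None:
        return ("NXDOMAIN", None)
    if any(ipaddress.ip_address(addr) in net for net in private):
        return ("STRIPPED", None)            # private-address removes the rebinding answer
    return ("UPSTREAM", addr)
```

The "STRIPPED" case is the rebinding defence: a public name whose upstream answer points into 192.168.1.0/24 never reaches the client, while printer.sharewiz.net still resolves because it comes from local-data.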