unbound.conf: add DN42 IPv4 as a private-address

since we don't route DN42 IPv4 internally, this caused issued like "ping ns1.burble.dn42" returning an error because it resolved the IPv4 address. work around this by configuring the entire DN42 address space as a private-address, so we'll only return IPv6 addresses for this zone.
author: Lexi Winter <lexi@le-fay.org> 2025-07-15 07:31:01 +0100
committer: Lexi Winter <lexi@le-fay.org> 2025-07-15 07:31:01 +0100
commit: e31a22a6f566e4962a6125d7b54d46231b603c92 (patch)
tree: f1eed9e38dd4f52d5481f40f5d79a6bee15d51c2
parent: 313f1c141613a749bcbf4e04dcbb27b2cbc38c18 (diff)
download: dns-e31a22a6f566e4962a6125d7b54d46231b603c92.tar.gz
dns-e31a22a6f566e4962a6125d7b54d46231b603c92.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/unbound.conf.erb b/unbound.conf.erb
index cb7b08c..3b2aedc 100644
--- a/unbound.conf.erb
+++ b/unbound.conf.erb
@@ -41,6 +41,11 @@ server:
 	private-address: 64:ff9b::/96
 	include: "<%= confdir %>/private_ldap.conf"
 
+	# Add the DN42 IPv4 address space to private-address.  This ensures
+	# we'll never return an A record for a DN42 name query, because we
+	# don't route DN42 IPv4 internally.
+	private-address: 172.16.0.0/12
+
 	# General tuning.
 	prefer-ip6: yes
 	rrset-cache-size: 128m
author	Lexi Winter <lexi@le-fay.org>	2025-07-15 07:31:01 +0100
committer	Lexi Winter <lexi@le-fay.org>	2025-07-15 07:31:01 +0100
commit	e31a22a6f566e4962a6125d7b54d46231b603c92 (patch)
tree	f1eed9e38dd4f52d5481f40f5d79a6bee15d51c2
parent	313f1c141613a749bcbf4e04dcbb27b2cbc38c18 (diff)
download	dns-e31a22a6f566e4962a6125d7b54d46231b603c92.tar.gz dns-e31a22a6f566e4962a6125d7b54d46231b603c92.tar.bz2