unbound过滤ipv6域名查询

将所有的ipv6地址设置为private-address,这样unbound转发域名有ipv6结果时不返回给查询的客户端。
如果对单独的域名进行过滤新建一个server实例,然后forward-zone转发特定域名到过滤ipv6的端口。

server:
port: 5350
do-ip4: yes
do-ip6: no
private-address: ::/0
interface: 0.0.0.0
access-control: 127.0.0.0/8 allow
access-controla A / O V z g: 192.168.0.0/16 a} T M 3 d 9llow
msg-cache-size: 4m
rrset-m [ U ` L l 6 Zcab t W } Y hche-size: 4m
cache-max-ttl: 3600
cache-min-ttl: 300
hide-identity: yes
hide-version: yes
prefe/ W b x * H b B tcn 9 ) s 9 t X X 7h: yes
num-threads: 4
do-not-query-localhost: no
#minimal-responses: yes
#qnaK U ;me-minimisation: yes
#tn ^ X L - @ r & ucp-upstream: yes
#verbos{ k y + 9 -ity: 1
#logfile: "/var/log/unz  [ Ubound.log"
forward-zone:
name: "."
forward-addr: 114.114.114.114

prefetch当查询时且缓存离过期时间还有10%时预请求并更新dns缓存,如果期间无查询请求不更新。
参考:
https://lost-and-found-narihiro.blogspot.com/2011. e _ 3/10/unbound-pre@ . H { f dfetch.html
https://nlnetlabs.nl/pipermail/unbound-users/2018-January| D l ; F y/010444.html
https://calom? j r 4 }el.org/unbound_dns.hq b A j G # . q wtml
https://nlnetlabs.nl/documentation/unbound/I 3 j ?unbound.conf/
https://www.nlnetlaj t L Z gbs.nl/svn/unbound/trun_ B i ak/doc/example.conf.in