Maintained by: NLnet Labs

[Unbound-users] unbound views

Attila Nagy
Tue Aug 11 11:17:48 CEST 2009


Hello,

Zdenek Vasicek (author of the python module) was very kind and helped to 
make the query's source IP (and port and transport) accessible from the 
python module. This made answering queries based on the source IP 
possible with unbound.

This is pretty much fine if you want to respond according to complex 
rules (which involves source IP), but sometimes a simple "views" (like 
in bind) solution would be perfectly enough.

This, with the flexible local and stub zones configuration would satisfy 
a lot use cases.

So the question is: how hard would it be to make unbound's configuration 
source-IP aware? I mean, putting arbitrary configuration into 
netblock-indexed configuration blocks.

Theoretical example:

server:
	directory: "/etc/unbound"
	username: unbound
	interface: 0.0.0.0
	interface: ::0
	access-control: 0.0.0.0/0 allow
	access-control: ::/0 allow
	view: 10.0.0.0/8, 192.168.0.0/16, 2001:DB8::/64
		local-zone: "localhost." static
		local-data: "localhost. 10800 IN NS localhost."
		local-data: "localhost. 10800 IN
                     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
		local-data: "localhost. 10800 IN A 127.0.0.1"
		local-data: "localhost. 10800 IN AAAA ::1"
		# but nearly every option should do (if it makes sense):
		verbosity: 1		# this would make debugging much easier
		

Thanks,