Maintained by: NLnet Labs

[Unbound-users] Default Responses

Attila Nagy
Thu Sep 29 12:08:31 CEST 2011


Hi,

On 06/16/11 14:47, Brian Smith wrote:
>
> Can Unbound, out of the box, be configured to have a default response? 
> IE respond to a query for doesnotexist.com (this would normally 
> respond NXDomain) with some sort of answer?
>
Just for the archive (and if you don't give a shit about the debian 
way), you can easily achieve this with a python helper module:
class unbound():
     def init(self, id, cfg):
         return True

     def deinit(self, id):
         return True

     def inform_super(self, id, qstate, superqstate, qdata):
         return True

     def operate(self, id, event, qstate, qdata):
         if (event == MODULE_EVENT_PASS) or (event == MODULE_EVENT_NEW):
             qstate.ext_state[id] = MODULE_WAIT_MODULE
             return True

         if event == MODULE_EVENT_MODDONE:
             if (qstate.return_msg and qstate.qinfo.qtype_str=='A'):
                 flags = qstate.return_msg.rep.flags & 0xf
                 if flags == RCODE_NXDOMAIN:
                     msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_A, 
RR_CLASS_IN, PKT_QR | PKT_RA | PKT_AA)
                     if (qstate.qinfo.qtype == RR_TYPE_A) or 
(qstate.qinfo.qtype == RR_TYPE_ANY):
                         msg.answer.append("%s 10 IN A 127.0.0.1" % 
qstate.qinfo.qname_str)
                     if not msg.set_return_msg(qstate):
                         qstate.ext_state[id] = MODULE_ERROR
                         return True

                     #we don't need validation, result is valid
                     qstate.return_msg.rep.security = 2
                     qstate.return_rcode = RCODE_NOERROR
                     qstate.ext_state[id] = MODULE_FINISHED
                     return True

             qstate.ext_state[id] = MODULE_FINISHED
             return True

dnsObj = unbound()
init = dnsObj.init
deinit = dnsObj.deinit
operate = dnsObj.operate
inform_super = dnsObj.inform_super

This will give back 127.0.0.1 for every NXDOMAIN answers for A RR type 
queries with a 10 seconds TTL.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20110929/f9b2e165/attachment.html>