Maintained by: NLnet Labs

[Unbound-users] Patch: wildcard for include: statement

Paul Wouters
Wed Sep 26 21:58:17 CEST 2012

On Wed, 26 Sep 2012, Valentin Bud wrote:

> Both patches work. I have built Unbound 1.4.18 on CentOS 6.3 and it
> works. Thank you for this.

Good, you can give karma to the upcoming unbound packages :)

> I use Unbound in a (very) dynamic environment. I use
> unbound-control(8) to load zones and data when clients connect to the
> network. I plan to save the local zones and local data to files so in
> case I restart Unbound or if it crashes somehow I have (quite) the
> latest information. I plan to write a cron script to do this job on
> each Unbound machine.

You have to be careful with this, as some data is pushed into unbound on
demand. For instance, with openswan when you connect your VPN, the DNS
entries for the DOMAIN received by XAUTH are added to unbound using
unbound-control. It is also removed and flushed when the VPN tunnel goes
down. This kind of data should not be permanently added.

> Of course I can use unbound-control list_local_data and redirect the
> output to a file on disk. But when I update a remote Unbound server
> that's not so easy. Yes, I can use an ssh connection and run
> unbound-control, but that's not so nice :).

This is why I added /etc/unbound/local.d/. You should be able to populate
that directory using puppet or something similar.

I also added /etc/unbound/conf.d/ and /etc/unbound/keys.d/ where you can
put files in to be read by unbound on startup.
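
Added example, not part of the original message or of Unbound itself: a cron-style snapshot of `unbound-control list_local_data` output into a file for /etc/unbound/local.d/ that leaves out on-demand (for instance VPN-pushed) names, per the caution above. The `TRANSIENT_SUFFIXES` variable, the function names and the `vpn.example.test.` domain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: TRANSIENT_SUFFIXES is a hypothetical, site-specific list of
# domains that are pushed on demand and must not be made permanent.
TRANSIENT_SUFFIXES="${TRANSIENT_SUFFIXES:-vpn.example.test.}"

# Read list_local_data output (owner TTL class type rdata, tab separated)
# on stdin and print one local-data: line per record that should persist.
snapshot_local_data() {
    awk -v skip="$TRANSIENT_SUFFIXES" '
        BEGIN { n = split(tolower(skip), sfx, " ") }
        NF < 5 { next }                      # not a complete resource record
        {
            owner = tolower($1)
            for (i = 1; i <= n; i++) {
                s = sfx[i]
                if (owner == s) next         # the transient domain itself
                tail = substr(owner, length(owner) - length(s))
                if (length(owner) > length(s) && tail == "." s) next
            }
            rec = $0
            gsub(/\t+/, " ", rec)            # keep spaces inside rdata as-is
            # rdata with double quotes (TXT) is wrapped in single quotes
            if (index(rec, "\"")) printf "local-data: \047%s\047\n", rec
            else                  printf "local-data: \"%s\"\n", rec
        }'
}

# Write the snapshot atomically so a restart never reads a half-written file.
write_snapshot() {
    dest=$1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if snapshot_local_data > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

From cron this would be run as `unbound-control list_local_data | write_snapshot /etc/unbound/local.d/dynamic.conf` (the file name is hypothetical and must match the include pattern in use). Running `unbound-checkconf` afterwards catches a bad snapshot before the next restart does.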