Maintained by: NLnet Labs

[Unbound-users] Patch: wildcard for include: statement

W.C.A. Wijngaards
Thu Sep 27 11:25:34 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

On 09/26/2012 09:58 PM, Paul Wouters wrote:
> On Wed, 26 Sep 2012, Valentin Bud wrote:
> 
>> Both patches work. I have built Unbound 1.4.18 on CentOS 6.3 and
>> it works. Thank you for this.
> 
> Good, you can give karma to the upcoming unbound packages :)
> 
>> I use Unbound in a (very) dynamic environment. I use 
>> unbound-control(8) to load zones and data when clients connect to
>> the network. I plan to save the local zones and local data to
>> files so in case I restart Unbound or if it crashes some how I
>> have (quite) the latest information. I plan to write a cron
>> script to do this job on each Unbound machine.
> 
> You have to be careful with this, as some data is pushed into
> unbound on demand. For instance, with openswan when you connect
> your VPN, the DNS entries for the DOMAIN received by XAUTH is added
> to unbound using unbound-control. It is also removed and flushed
> when the VPN tunnel goes down. This kind of data should not be
> permanently added.

The lexer file has a makefile rule to update the .c file for the
parser, but if you do not have flex/bison installed it then uses the
file that we shipped.

>> Of course I can use unbound-control list_local_data and redirect
>> the output to a file on disk. But when I update a remote Unbound
>> server that's not so easy. Yes, I can use an ssh connection and
>> run unbound-control, but that's not so nice :).
> 
> This is why I added /etc/unbound/local.d/ You should be able to
> populate that directory using puppet or something similar.
> 
> I also added /etc/unbound/conf.d/ and /etc/unbound/keys.d/ where
> you can put files in to be read by unbound on startup.

Thank you very much for the patch, I have applied it to svn trunk.
Small modification, call glob_free() on a glob error (to remove
partial glob results).

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQZBuOAAoJEJ9vHC1+BF+NQtwP/RIvJb/ulx5Y022LELxYk8n5
gW1kWVy++vSJaxfDvGsZKWPnNvRBqvhYnsL0/M6PBZeb9UpUwr4l43CmO6VhXKJD
kEJzauMiHTziSxq7Bet5GK/F1lMqyCkxIIsfyV5TZM1jOK8uVpKHDesBDsMl85y0
ovH6pWDx6FKv5hkwVyrB/dhk5iPBXWOHugDaLJB7tYIXZyMX40hb9/vJiv/sN6lO
grDfcu3HdhLElVv18yTGYawwIsugB3HeLN1pAqelbNyH+I6qTiArEgEH6/FQFqXS
+qcajmoVJ9tJK2lceTK50JPPowzW7xNTcSs8L2NKFPV3ZPSDqFFNNM8CNdf4kmDV
/C0cFVqdF2QU/XtN58QaCgZf/8fjtkippjAUTezggJ+cOAyt9iZW9IzAHsRJ3d5U
tz/jcs9jsmOKaU5DV0yVJy0gMYzsFD25IPFRSgzolFZGzn+Dk88yMZl9Ksv+Pa2R
9jQotiaXftZZTyqOnlLCOXaPSQJdQes+QO+/y+MuQ2ZstSMdiNU3zZuXNNVglm2i
WwCbVjnLI1lpC8Wn+e42td1EJPt7egDgGBfMdbS6G88bnhaa92YAx5CY7z2MDKJu
WJOnsUybX1JHtjJBjFL/W+5no7FZSJY70/ldlwWiMdozZL4uZHNlxGlFFfPTGdrI
q36TAt7ExwMOdc+LAbge
=rCDL
-----END PGP SIGNATURE-----