Maintained by: NLnet Labs

[Unbound-users] Patch: wildcard for include: statement

Robert Edmonds
Sat Apr 13 22:22:26 CEST 2013


W.C.A. Wijngaards wrote:
> Hi Paul,
> 
> On 09/26/2012 09:58 PM, Paul Wouters wrote:
> > On Wed, 26 Sep 2012, Valentin Bud wrote:
> > 
> >> Both patches work. I have built Unbound 1.4.18 on CentOS 6.3 and
> >> it works. Thank you for this.
> > 
> > Good, you can give karma to the upcoming unbound packages :)
> > 
> >> I use Unbound in a (very) dynamic environment. I use 
> >> unbound-control(8) to load zones and data when clients connect to
> >> the network. I plan to save the local zones and local data to
> >> files so in case I restart Unbound or if it crashes somehow I
> >> have (quite) the latest information. I plan to write a cron
> >> script to do this job on each Unbound machine.
> > 
> > You have to be careful with this, as some data is pushed into
> > unbound on demand. For instance, with openswan when you connect
> > your VPN, the DNS entries for the DOMAIN received by XAUTH is added
> > to unbound using unbound-control. It is also removed and flushed
> > when the VPN tunnel goes down. This kind of data should not be
> > permanently added.
> 
> The lexer file has a makefile rule to update the .c file for the
> parser, but if you do not have flex/bison installed it then uses the
> file that we shipped.
> 
> >> Of course I can use unbound-control list_local_data and redirect
> >> the output to a file on disk. But when I update a remote Unbound
> >> server that's not so easy. Yes, I can use an ssh connection and
> >> run unbound-control, but that's not so nice :).
> > 
> > This is why I added /etc/unbound/local.d/ You should be able to
> > populate that directory using puppet or something similar.
> > 
> > I also added /etc/unbound/conf.d/ and /etc/unbound/keys.d/ where
> > you can put files in to be read by unbound on startup.
> 
> Thank you very much for the patch, I have applied it to svn trunk.
> Small modification, call glob_free() on a glob error (to remove
> partial glob results).
> 
> Best regards,
>    Wouter

hi,

i've tried to add similar functionality to the unbound debian package by
adding this line to our default config:

    include: "/etc/unbound/conf.d/*.conf"

and shipping an empty /etc/unbound/conf.d directory in the package for
users to place local config.  unfortunately, without any filename
matches, glob() returns GLOB_NOMATCH and this causes config file parsing
to fail:

    /etc/unbound/unbound.conf:17: error: cannot open include file '/etc/unbound/conf.d/*.conf': No such file or directory
    read /etc/unbound/unbound.conf failed: 1 errors in configuration file

this goes away if i put at least one file that matches the glob into
that directory, but i don't want to have to ship a dummy empty
"do-not-remove.conf" file in the conf.d directory in order to get the
config to parse correctly (what if the user removes it?).  could this
feature be updated so that a lack of glob matches is treated as
"success, but no files included" rather than failure to parse the
config?  (possibly made contingent on the existence of the directory of
the dirname() of the wildcarded include: parameter.)

-- 
Robert Edmonds
edmonds at debian.org
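
The behaviour requested in the message above, sketched in C as an added example (not part of the original post and not Unbound's parser code). The helper name expand_include and the choice of "*?[" as the wildcard test are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <glob.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: expand an include: pattern. Returns 0 on success
 * (out->gl_pathc may be 0) and -1 on error. On success the caller
 * releases the result with globfree(). */
int expand_include(const char *pattern, glob_t *out)
{
    char dir[4096];
    struct stat st;
    int r;

    memset(out, 0, sizeof(*out));
    r = glob(pattern, GLOB_ERR, NULL, out);
    if (r == 0)
        return 0;
    globfree(out);                /* drop partial results on any failure */
    memset(out, 0, sizeof(*out));
    if (r != GLOB_NOMATCH)
        return -1;                /* GLOB_ABORTED or GLOB_NOSPACE */
    /* A literal include that names a missing file is still an error. */
    if (strpbrk(pattern, "*?[") == NULL)
        return -1;
    /* An empty wildcard match is accepted only if the directory exists.
     * dirname() may modify its argument, so work on a copy. */
    if (strlen(pattern) >= sizeof(dir))
        return -1;
    strcpy(dir, pattern);
    if (stat(dirname(dir), &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *pattern = argc > 1 ? argv[1] : "/etc/unbound/conf.d/*.conf";
    glob_t g;
    size_t i;

    if (expand_include(pattern, &g) != 0) {
        fprintf(stderr, "error: cannot expand include '%s'\n", pattern);
        return 1;
    }
    for (i = 0; i < g.gl_pathc; i++)
        printf("include: %s\n", g.gl_pathv[i]);
    globfree(&g);
    return 0;
}
```

A pattern with a wildcard in a directory component is rejected when nothing matches, because the dirname() of the pattern is then not an existing directory.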