Maintained by: NLnet Labs

is there any way to server a diff ip based on src ip?

Spike Morelli (DRBA)
Wed Mar 30 22:07:22 CEST 2016


Dear all,

I have different groups of users on my internal network and for some I'd
love to return a different response for certain domains.

Using a python response generation/modification script I can achieve this
provided that I invalidate the cache, which is not optimal.

For example, for a group I want to enforce google safe search, meaning I
need to redirect www.google.com (and many more) to nosslsearch.google.com
ip. I could put an if statement in the python script checking for src ip of
the request, but if I leave it at that and the response is stored in cache
then if a request from the other group comes in it will be served from
cache and they will get the wrong ip (from the first group).

If on the other hand I invalidate the cache, then the second group that
doesn't need the modification will cause a recursive resolution every time
and never use the cache, which is not great.

Is there a solution to this problem other than running two unbound boxes
(which is what I'm doing right now)? I could in theory run two unbound
processes, but that seems rather convoluted and to make management of the
box more complex.

thank you in advance,

Spike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20160330/2f76d244/attachment-0001.html>