Maintained by: NLnet Labs

Query Cache

Phil Pennock
Tue Feb 7 01:21:11 CET 2017


On 2017-02-06 at 22:43 +0000, Matt Nelson via Unbound-users wrote:
> I have built a DNS filtering service using the pythonmod for unbound.
> Everything is working as it should apart from the cache. I want to
> disable the cache completely as I am filtering the results based on the
> incoming IP address. As an example anyone from 192.168.30.20 can access
> social media sites, but anyone from 192.168.30.30 is returned the IP
> address of the server instead which shows a "blocked" message. 

Sounds like you want to be using Views, with a `view:` block which has
`view-first: yes` set, local-data: in the view providing the IP address
of the server, and a set of `access-control-view:` directives putting
individual IPs into that view.

I'm not seeing anything under
http://unbound.net/documentation/pythonmod/index.html which shows the
access-control or view directives being exposed to Python.

Assuming that the list of IPs is fairly dynamic, have you considered
using an include directive such as:

  include: "/etc/unbound/python-managed.d/*.conf"

and then having your Python be a standalone service to
modify/create/delete one or more files in that directory based upon your
site integrations, and use unbound-control to
dump_cache/reload/load_cache ?

I don't see unbound-control options to directly change
access-control-view: options without doing a full reload.  :\

-Phil