Hello,

Zdenek Vasicek (author of the Python module) was very kind and helped to make the query's source IP (and port and transport) accessible from the Python module. This made answering queries based on the source IP possible with unbound.

This is pretty much fine if you want to respond according to complex rules (which involve the source IP), but sometimes a simple "views" (like in BIND) solution would be perfectly enough.

This, with the flexible local and stub zones configuration, would satisfy a lot of use cases.

So the question is: how hard would it be to make unbound's configuration source-IP aware? I mean, putting arbitrary configuration into netblock-indexed configuration blocks.

Theoretical example:

server:
        directory: "/etc/unbound"
        username: unbound
        interface: 0.0.0.0
        interface: ::0
        access-control: 0.0.0.0/0 allow
        access-control: ::/0 allow
        view: 10.0.0.0/8, 192.168.0.0/16, 2001:DB8::/64
                local-zone: "localhost." static
                local-data: "localhost. 10800 IN NS localhost."
                local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
                local-data: "localhost. 10800 IN A 127.0.0.1"
                local-data: "localhost. 10800 IN AAAA ::1"
                # but nearly every option should do (if it makes sense):
                verbosity: 1            # this would make debugging much easier
                

Thanks,
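
The netblock-indexed lookup proposed above, as an added example that is not part of the original message and is not unbound code or its Python module API. The "guest" view, the table layout and the function names are hypothetical; the sketch shows two cases a view selector has to get right: a more specific netblock carved out of a covering one, and IPv4 clients reported as IPv4-mapped IPv6 addresses on a dual-stack listener.

```python
import ipaddress

# Constructed view table. "internal" uses the netblocks from the theoretical
# config above; "guest" is a hypothetical carve-out added to show overlap.
VIEWS = {
    "internal": {
        "netblocks": ["10.0.0.0/8", "192.168.0.0/16", "2001:DB8::/64"],
        "local_data": {("localhost.", "A"): "127.0.0.1",
                       ("localhost.", "AAAA"): "::1"},
    },
    "guest": {"netblocks": ["10.99.0.0/16"], "local_data": {}},
}

def _build_index(views):
    index = []
    for name, view in views.items():
        for block in view["netblocks"]:
            index.append((ipaddress.ip_network(block), name))
    # Most specific prefix first, so a carve-out beats its covering block.
    index.sort(key=lambda item: item[0].prefixlen, reverse=True)
    return index

INDEX = _build_index(VIEWS)

def select_view(source_ip):
    """Return the view name for a query source, or None for the default."""
    addr = ipaddress.ip_address(source_ip)
    # A dual-stack listener can report IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net, name in INDEX:
        if addr.version == net.version and addr in net:
            return name
    return None

def local_answer(source_ip, qname, qtype):
    """Return view-specific local data, or None to fall through to resolution."""
    view = select_view(source_ip)
    if view is None:
        return None
    return VIEWS[view]["local_data"].get((qname.lower(), qtype.upper()))
```

Sources that match no view get `None`, so the internal local data is never served outside the listed netblocks.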