On 14-12-16 22:53, Matt Nelson via Unbound-users wrote:
> I'm currently building a DNS filtering service using Unbound and a
> Python module. My service should only respond to IP addresses that are
> listed in a database; these can be added dynamically. Is there a way of
> exiting out of the python module so that nothing is sent back to the
> client if their IP isn't in the list?
>
> I have already got the user's IP address, and have written some code to
> check it against the database. My issue is that if the IP doesn't exist
> then all I can do is set "qstate.ext_state[id] = MODULE_ERROR" which
> will return a "status: SERVFAIL". Is there a way of returning nothing at
> all?

Could you describe the application of your request a bit more broadly?
What is the problem you are trying to solve?

From what you're telling us right now, I'd gather that you have a dynamic
list of clients that you want to allow talking to unbound while denying
everybody else, and managing 'access-control' statements in unbound.conf
is too cumbersome.

Sounds like you want a cron job plus ipset/iptables; custom python code
for unbound is the wrong tool for the job.

Kind regards,
Tom
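
One way to implement the cron job plus ipset/iptables approach suggested above, as an added example that is not part of Tom's message or of the Unbound project. The set name `dns_allowed`, the export path and the one-address-per-line export format are assumptions.

```shell
#!/bin/sh
# Added example: build `ipset restore` input from an exported allow-list.
# Assumptions: set name dns_allowed, one IPv4 address per line on stdin.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit a restore script that fills a temporary set and swaps it in, so the
# live set is replaced atomically and never observed half-populated.
build_ipset_restore() {
    set_name=$1
    tmp="${set_name}_tmp"
    echo "create $set_name hash:ip family inet"
    echo "create $tmp hash:ip family inet"
    echo "flush $tmp"
    while IFS= read -r ip || [ -n "$ip" ]; do
        if is_ipv4 "$ip"; then
            echo "add $tmp $ip"
        elif [ -n "$ip" ]; then
            echo "skipped invalid entry: $ip" >&2   # never passed to ipset
        fi
    done
    echo "swap $tmp $set_name"
    echo "destroy $tmp"
}

# Cron job (export path is a placeholder):
#   build_ipset_restore dns_allowed < /path/to/allowed_ips.txt | ipset -exist restore
# One-time rules, added after the set exists, dropping DNS from other sources:
#   iptables -A INPUT -p udp --dport 53 -m set ! --match-set dns_allowed src -j DROP
#   iptables -A INPUT -p tcp --dport 53 -m set ! --match-set dns_allowed src -j DROP

# Dry run on constructed input (documentation addresses plus two bad entries).
printf '%s\n' 192.0.2.10 not-an-ip 203.0.113.300 198.51.100.7 |
    build_ipset_restore dns_allowed
```

Because the packets are dropped by the firewall, clients outside the set get no reply at all instead of a SERVFAIL.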
