simplest way to forward to diff resolver based on src

Daisuke HIGASHI daisuke.higashi at gmail.com
Mon Apr 10 15:47:26 UTC 2017


Hi,

AFAIK Unbound doesn't have "view" functionality associating
multiple cache/resolver instances.

One way to implement such a "view" function is running
multiple Unbound instances in combination with dnsdist ( http://dnsdist.org ):

-- dnsdist.conf

-- queries from 1.1.1.0/24 are forwarded to 192.0.2.1.
newServer({address="192.0.2.1", pool="dns1"})
pc1 = newPacketCache(100000)
getPool("dns1"):setCache(pc1)
client_dns1 = newNMG()
client_dns1:addMask("1.1.1.0/24")
addAction(NetmaskGroupRule(client_dns1), PoolAction("dns1"))

-- queries from 1.1.2.0/24 are forwarded to 192.0.2.2
newServer({address="192.0.2.2", pool="dns2"})
pc2 = newPacketCache(100000)
getPool("dns2"):setCache(pc2)
client_dns2 = newNMG()
client_dns2:addMask("1.1.2.0/24")
addAction(NetmaskGroupRule(client_dns2), PoolAction("dns2"))

-- queries from 1.1.3.0/24 are forwarded to 192.0.2.3
newServer({address="192.0.2.3", pool="dns3"})
pc3 = newPacketCache(100000)
getPool("dns3"):setCache(pc3)
client_dns3 = newNMG()
client_dns3:addMask("1.1.3.0/24")
addAction(NetmaskGroupRule(client_dns3), PoolAction("dns3"))

-- the others are REFUSED.
addAction(AllRule(), RCodeAction(5))

setACL({})
addACL("0.0.0.0/0")
addACL("::0/0")


--
 Daisuke Higashi
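
An added example, not part of the original post: a small Python check that parses a dnsdist.conf written in the style above, reports where a client address ends up under first-match rule order, and flags conditions that break the separation between views (a packet cache shared by two pools, overlapping client masks, no final catch-all). The function names and the regex-based parsing are assumptions of this example and cover only the constructs used in the post.

```python
import ipaddress
import re

# Constructed sample: two of the post's views and its catch-all (newServer lines omitted).
CONF = '''
pc1 = newPacketCache(100000)
getPool("dns1"):setCache(pc1)
client_dns1 = newNMG()
client_dns1:addMask("1.1.1.0/24")
addAction(NetmaskGroupRule(client_dns1), PoolAction("dns1"))
pc2 = newPacketCache(100000)
getPool("dns2"):setCache(pc2)
client_dns2 = newNMG()
client_dns2:addMask("1.1.2.0/24")
addAction(NetmaskGroupRule(client_dns2), PoolAction("dns2"))
addAction(AllRule(), RCodeAction(5))
'''
RULE = re.compile(r'addAction\((?:NetmaskGroupRule\((\w+)\)|AllRule\(\)),\s*(\w+)\("?(\w+)"?\)\)')

def parse(conf):
    """Return (ordered rules, pool -> cache variable) from dnsdist.conf text."""
    masks = {}
    for var, cidr in re.findall(r'(\w+):addMask\("([^"]+)"\)', conf):
        masks.setdefault(var, []).append(ipaddress.ip_network(cidr))
    rules = [(masks.get(m[1], []) if m[1] else None, m[2], m[3]) for m in RULE.finditer(conf)]
    caches = dict(re.findall(r'getPool\("(\w+)"\):setCache\((\w+)\)', conf))
    return rules, caches

def route(conf, client):
    """First matching rule wins; None means the query reaches the default pool."""
    ip = ipaddress.ip_address(client)
    for nets, action, arg in parse(conf)[0]:
        if nets is None or any(ip in n for n in nets):
            return arg if action == "PoolAction" else "rcode " + arg
    return None

def audit(conf):
    """Report view-isolation problems: shared caches, overlaps, no catch-all."""
    rules, caches = parse(conf)
    issues = []
    if len(set(caches.values())) < len(caches):
        issues.append("packet cache shared between pools")
    views = [(nets, arg) for nets, act, arg in rules if nets and act == "PoolAction"]
    for i, (a, pa) in enumerate(views):
        for b, pb in views[i + 1:]:
            if pa != pb and any(x.overlaps(y) for x in a for y in b):
                issues.append(f"{pa} and {pb} have overlapping client masks")
    if not rules or rules[-1][0] is not None:
        issues.append("no final AllRule(); unmatched clients reach the default pool")
    return issues
```

Because the ACL in the post admits 0.0.0.0/0 and ::0/0, the rule chain is the only thing deciding which clients get an answer, so the catch-all check matters as much as the per-view ones.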


