Symptom:

The unbound caching DNS server can be compiled with an optional python module. Using this module, it is possible to have full control over the DNS queries sent out by unbound, as well as over the DNS answers sent back to a client.

The primary use of the python module is to prototype new DNS protocol enhancements and to run quick tests of new DNS protocol ideas.

Problem:

How can the python module be enabled in unbound? 

Solution:

To enable the python module, the unbound DNS Server must be compiled with the python module configure switch:

./configure --with-pythonmodule


When using the Men & Mice provided binary installation packages for unbound ( http://packages.menandmice.com/unbound/ ), you need to download the "P" flavor, which has the python module compiled in.

It is also necessary to have a current version of the python programming language installed on the system.

In order to be able to execute a python script inside the unbound process, the unbound nameserver must be configured to load the python module. In the unbound.conf file, add the module named "python" to the list of loaded modules:

 module-config: "validator python iterator"


and configure the path to the python script:

python:
    # Script file to load
    python-script: "/usr/local/unbound/etc/unbound/resgen.py"


The unbound python module (unboundmodule.py) must be available for the unbound process to load. Be aware of CHROOT issues when running unbound in CHROOT mode: the python script and its dependencies must be reachable inside the CHROOT. For initial testing, try to get it working without CHROOT first.

For the Men & Mice provided unbound binaries, the unbound home directory is a good place for the scripts:

/usr/local/unbound/etc/unbound/unboundmodule.py
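
A pre-flight check for the configuration steps above, as an added example (not code from the original page or from the unbound project). The helper names `parse_conf`, `resolve` and `check` are hypothetical; the path handling is a simplified, assumed model (relative paths resolve against `directory:`, absolute paths are taken either from the original root or from inside the CHROOT), and `unboundmodule.py` is assumed to sit beside the script as in the layout above. Only an explicit `chroot:` line is seen, not a compiled-in default.

```python
import os
import re
import stat

def parse_conf(text):
    """Collect 'key: value' options from unbound.conf text (last one wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()             # drop comments
        m = re.match(r'([A-Za-z0-9-]+):\s*(.+)$', line)  # skips "server:" / "python:"
        if m:
            conf[m.group(1)] = m.group(2).strip().strip('"')
    return conf

def resolve(path, chroot, directory):
    """Real-filesystem location of a configured path (assumed, simplified model)."""
    if not os.path.isabs(path):                          # relative to working directory
        path = os.path.join(directory or "/", path)
    chroot = chroot.rstrip("/")
    if not chroot or path == chroot or path.startswith(chroot + "/"):
        return path                                      # no chroot, or original-root path
    return chroot + path                                 # absolute path inside the new root

def check(conf_text):
    """Return a list of problems; an empty list means the pre-flight passed."""
    conf = parse_conf(conf_text)
    problems = []
    if "python" not in conf.get("module-config", "").split():
        problems.append("module-config does not list the python module")
    script = conf.get("python-script")
    if not script:
        return problems + ["python-script is not set"]
    real = resolve(script, conf.get("chroot", ""), conf.get("directory", ""))
    if not os.path.isfile(real):
        return problems + ["script not reachable: " + real]
    # Assumption: unboundmodule.py sits beside the script, as in the page's layout.
    if not os.path.isfile(os.path.join(os.path.dirname(real), "unboundmodule.py")):
        problems.append("unboundmodule.py not found next to the script")
    # The script runs inside the resolver process, so only its owner should write it.
    if os.stat(real).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("script is group- or world-writable: " + real)
    return problems
```

Call `check(open("/etc/unbound.conf").read())` before starting unbound; any returned string names the setting or file to fix.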


When the unbound process is started, the initialization steps of the python module should appear in the log-file (when a high enough log-level is provided):

root@csmobile3:/usr/src# /usr/local/unbound/sbin/unbound -dvv -c /etc/unbound.conf
[1278010351] unbound[23338:0] notice: Start of unbound 1.4.5.
[1278010352] unbound[23338:0] debug: chdir to /usr/local/unbound/etc/unbound
[1278010352] unbound[23338:0] debug: drop user privileges, run as unbound
[1278010352] unbound[23338:0] debug: switching log to stderr
[1278010352] unbound[23338:0] debug: module config: "validator python iterator"
[1278010352] unbound[23338:0] notice: init module 0: validator
[1278010352] unbound[23338:0] notice: init module 1: python
[1278010352] unbound[23338:0] notice: init module 2: iterator
[1278010352] unbound[23338:0] debug: target fetch policy for level 0 is 3
[1278010352] unbound[23338:0] debug: target fetch policy for level 1 is 2
[1278010352] unbound[23338:0] debug: target fetch policy for level 2 is 1
[1278010352] unbound[23338:0] debug: target fetch policy for level 3 is 0
[1278010352] unbound[23338:0] debug: target fetch policy for level 4 is 0
[1278010352] unbound[23338:0] debug: cache memory msg=66072 rrset=66072 infra=2608 val=74608
[1278010352] unbound[23338:0] info: start of service (unbound 1.4.5).