simplest way to forward to diff resolver based on src
Daisuke HIGASHI
daisuke.higashi at gmail.com
Mon Apr 10 15:47:26 UTC 2017
Hi,
AFAIK Unbound doesn't have "view" functionality associating
multiple cache/resolver instances.
One way to implement such a "view" function is running
multiple Unbound instances in combination with dnsdist ( http://dnsdist.org ):
-- dnsdist.conf

-- queries from 1.1.1.0/24 are forwarded to 192.0.2.1.
newServer({address="192.0.2.1", pool="dns1"})
pc1 = newPacketCache(100000)
getPool("dns1"):setCache(pc1)
client_dns1 = newNMG()
client_dns1:addMask("1.1.1.0/24")
addAction(NetmaskGroupRule(client_dns1), PoolAction("dns1"))

-- queries from 1.1.2.0/24 are forwarded to 192.0.2.2
newServer({address="192.0.2.2", pool="dns2"})
pc2 = newPacketCache(100000)
getPool("dns2"):setCache(pc2)
client_dns2 = newNMG()
client_dns2:addMask("1.1.2.0/24")
addAction(NetmaskGroupRule(client_dns2), PoolAction("dns2"))

-- queries from 1.1.3.0/24 are forwarded to 192.0.2.3
newServer({address="192.0.2.3", pool="dns3"})
pc3 = newPacketCache(100000)
getPool("dns3"):setCache(pc3)
client_dns3 = newNMG()
client_dns3:addMask("1.1.3.0/24")
addAction(NetmaskGroupRule(client_dns3), PoolAction("dns3"))

-- the others are REFUSED.
addAction(AllRule(), RCodeAction(5))

-- clear the default ACL, then accept queries from any source at the ACL
-- layer; the rules above decide which clients actually get an answer.
setACL({})
addACL("0.0.0.0/0")
addACL("::0/0")
--
Daisuke Higashi
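
Added example (not part of the original message and not dnsdist code): a small Python model of the rule chain in the dnsdist.conf above, assuming rules are evaluated in order and the first match wins. It reports which pool a client source address is sent to and flags view netmasks that overlap; the names VIEWS, pool_for and overlapping_views are hypothetical.

```python
import ipaddress
from itertools import combinations

# Views copied from the dnsdist.conf above, in rule order: (client netmask, pool).
VIEWS = [
    ("1.1.1.0/24", "dns1"),
    ("1.1.2.0/24", "dns2"),
    ("1.1.3.0/24", "dns3"),
]
REFUSED = "REFUSED"  # stands for the final AllRule() -> RCodeAction(5) catch-all


def pool_for(client, views=VIEWS):
    """Return the pool chosen by the first matching rule, or REFUSED.

    Assumption: first-match ordering, as in the config above.
    """
    addr = ipaddress.ip_address(client)
    for mask, pool in views:
        net = ipaddress.ip_network(mask)
        # An IPv6 client never matches an IPv4 mask (and vice versa).
        if addr.version == net.version and addr in net:
            return pool
    return REFUSED


def overlapping_views(views=VIEWS):
    """List pairs of views with different pools whose netmasks overlap.

    With first-match ordering the earlier rule takes the shared addresses,
    so those clients never reach the later view's resolver.
    """
    clashes = []
    for (m1, p1), (m2, p2) in combinations(views, 2):
        n1, n2 = ipaddress.ip_network(m1), ipaddress.ip_network(m2)
        if p1 != p2 and n1.version == n2.version and n1.overlaps(n2):
            clashes.append((m1, p1, m2, p2))
    return clashes


if __name__ == "__main__":
    # Constructed sample clients: one per view plus two that fall through.
    for client in ["1.1.1.10", "1.1.2.200", "1.1.3.1", "1.1.4.1", "2001:db8::1"]:
        print(client, "->", pool_for(client))
    print("overlaps:", overlapping_views())
```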