Resolve dependent on source IP of request?

Leo_Krüger · October 2, 2016, 11:28pm

Hi everybody,

we have a use-case where it is necessary that requests from several IP
networks are handled differently. Depending on the network the
requesting IP is from, requests for a specific zone should be answered
differently.

I already had a look at the config options local-data, local-zone,
local-zone-tag, access-control-tag, access-control-tag-action and
access-control-tag-data.

For the last three it seems as if it is not possible to set redirect
data for a specific zone, but only for all queries. For the first three
it does not seem to be possible to define one zone with different
content depending on the tag.

Is it even possible to configure unbound in the way needed for our use-case?

I would really appreciate your help!
Kind regards,
Leo

Ralph_Dolmans · October 3, 2016, 1:36pm

Hi Leo,

access-control-tag-data is what you are looking for. Data specified
there will only be used when the local-zone and acl entry matches the tag.

So, for example:

define-tag: "foo bar"
local-zone: "example." redirect
local-zone-tag: "example." "foo bar"

access-control-tag: 10.10.10.10/32 "foo"
access-control-tag: 10.10.10.20/32 "bar"
access-control-tag-data: 10.10.10.10/32 "foo1" 'TXT "foo data"'
access-control-tag-data: 10.10.10.20/32 "foo2" 'TXT "bar data"'

Regards,
-- Ralph

Leo_Krüger · October 3, 2016, 8:02pm

Hi Ralph,

thanks for the quick response. Works for me now.

Kind regards
Leo