Feature #9251
closed
DNS Resolver (Unbound) Python Integration
Added by BBcan177 almost 6 years ago.
Updated over 4 years ago.
Description
Add the python module integration to the DNS Resolver (Unbound)
The only remaining function would be to mount the /bin and /lib folders to the /var/unbound folder.
mkdir -p /var/unbound/usr/local/bin
mkdir -p /var/unbound/usr/local/lib
mount_nullfs -o ro /usr/local/bin/ /var/unbound/usr/local/bin
mount_nullfs -o ro /usr/local/lib/ /var/unbound/usr/local/lib
I have coded the following for pfBlockerNG for testing purposes, but this will need to be adapted for pfSense and called at bootup before Unbound starts or it will fail to load without the mounts. It will also need notices/log info message code added.
https://gist.github.com/BBcan177/b5d9506f9d1ca1ff2457f62bbaaaf878
Files
+1 : good feature !
nice work!
- Category set to DNS Resolver
- Status changed from New to Feedback
- Assignee set to Renato Botelho
- Target version set to 2.5.0
- % Done changed from 0 to 100
PR has been merged. Thanks!
PR 4155 has been merged to RELENG_2_4_5. Thanks
- Target version changed from 2.5.0 to 2.4.5
This doesn't appear to be working on 2.4.5.
On 2.5.0 I can copy over netflix-no-aaaa.py (attached) and enable the module, select the script, and it works as expected (resolving netflix.com only returns A records. Without the script, both A and AAAA records are returned).
On 2.4.5, using the same actions, unbound fails to run. Unbound quits without logging any errors. Starting it manually in the foreground results in an error:
/usr/local/sbin/unbound -d -c /var/unbound/unbound.conf
Fatal Python error: _Py_HashRandomization_Init: failed to get random numbers to initialize Python
For my python PHP include files, I added a mount to address random number generation:
/sbin/mount -t devfs devfs /var/unbound/dev
devfs on /var/unbound/dev (devfs, local)
If it's a required action, it should be done when setting up the environment. I'm mostly curious about why that isn't necessary on 2.5.0 but seems to be necessary on 2.4.5, though it may be a FreeBSD 11 vs 12 environment issue.
- Assignee changed from Renato Botelho to Jim Pingle
Mounting devfs does fix the problem. I added some code to set that up as needed when the module is enabled.
- Status changed from New to Feedback
- Status changed from Feedback to Resolved
Appears to work fine now on 2.4.5.a.20200114.0923 and 2.5.0.a.20200113.1543
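Added example, not part of the original thread and not pfSense or pfBlockerNG code: a pre-flight check for the three chroot mounts discussed above (the read-only nullfs mounts of /usr/local/bin and /usr/local/lib, plus devfs on /var/unbound/dev). The function name, the output keywords and the sample mount table are assumptions made for illustration; the input format is the fstab(5) layout that FreeBSD `mount -p` prints.

```sh
#!/bin/sh
# Added example: verify the Unbound chroot is ready for the Python module.
CHROOT=/var/unbound   # chroot path used throughout this issue

# Reads an fstab(5)-format mount table (FreeBSD `mount -p`) on stdin.
# Prints one line per problem and returns 0 only if all mounts are correct.
check_unbound_mounts() {
    awk -v root="$CHROOT" '
    BEGIN {
        n = split("/usr/local/bin /usr/local/lib /dev", rel, " ")
        for (i = 1; i <= n; i++) {
            mp[i] = root rel[i]
            want[mp[i]] = (rel[i] == "/dev") ? "devfs" : "nullfs"
        }
        bad = 0
    }
    # Remember type and options; the last entry for a mountpoint wins.
    ($2 in want) { fstype[$2] = $3; opts[$2] = $4 }
    END {
        for (i = 1; i <= n; i++) {
            m = mp[i]
            if (!(m in fstype)) {
                print "MISSING " m; bad = 1
            } else if (fstype[m] != want[m]) {
                print "WRONGTYPE " m; bad = 1
            } else if (want[m] == "nullfs" && ("," opts[m] ",") !~ /,ro,/) {
                # The nullfs mounts are meant to be read-only inside the chroot.
                print "WRITABLE " m; bad = 1
            }
        }
        exit bad
    }'
}

# Constructed sample: nullfs mounts present, devfs absent. Without devfs the
# chrooted Python has no random source (the _Py_HashRandomization_Init error).
SAMPLE_NO_DEVFS='/usr/local/bin /var/unbound/usr/local/bin nullfs ro 0 0
/usr/local/lib /var/unbound/usr/local/lib nullfs ro 0 0'

printf '%s\n' "$SAMPLE_NO_DEVFS" | check_unbound_mounts || echo "chroot not ready"
# On the firewall itself: mount -p | check_unbound_mounts
```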
@Jim, maybe a cool idea: add an option to paste Python files into the Unbound chroot from the GUI, like it is done in the HAProxy package, so all user scripts will be written to config.xml and will remain in users' backup files?
About the Python module and Python files, suggestion "option two":
Add a notice *(i) to Python Module Script about:
1. If you want to add Python modules and back them up, install the Filer Plugin
2. Put Python modules in the /var/unbound folder with 644 permissions and root:root owner
3. If you use the Filer Plugin, you can reload Unbound with a shell command in Filer on update/sync of a file:
unbound-control -c /var/unbound/unbound.conf reload
It's nice that there is the added option in the web config, but there is no hint whatsoever where to put these Python scripts. And also from reading this feature request it's not clear to me.