Project

General

Profile

Feature #7549

Enable Python support in Unbound

Added by Jim Pingle 5 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
DNS Resolver
Target version:
Start date:
05/15/2017
Due date:
% Done:

100%


Description

Unbound has optional Python support, which is not currently enabled. Enabling this option will allow packages such as pfBlocker to leverage Python scripts to take actions based on events in Unbound.

Python is already included in base, so there should not be any additional dependencies.

Associated revisions

Revision ae764da6
Added by Jim Pingle 5 months ago

Enable Python support for Unbound. Implements #7549

Revision 39eeab69
Added by Jim Pingle 4 months ago

Enable Python support for Unbound. Implements #7549

History

#1 Updated by Jim Pingle 5 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#2 Updated by Jim Pingle 4 months ago

Python is there but still has some other issues that need worked out related to running unbound in a chroot.
Also it may need to have devel/swig30 added as a dependency.

Waiting on some feedback from bbcan117

#3 Updated by Jim Pingle 3 months ago

  • Status changed from Feedback to Resolved

Anything we need to do on the OS side is done already, the rest is up to the actual scripts to setup mounts/libraries right in the chroot for what it needs before it runs.

#4 Updated by Doug Twitchell 3 months ago

To use python with unbound the module also needs to be enabled in the configuration file with:

module-config: "python iterator" 

or with DNSSEC:
module-config: "validator python iterator" 

I've created a patch that does this, but if python is listed as a module, there must also be a python: section with a python-script: directive or unbound-checkconf will fail. A good solution might be a GUI option to enter a python script, which would trigger the module-config change and put the script in the right place and mount the python libraries in the chroot. There are other issues as well, but this is the only one that requires code changes. See here: https://forum.pfsense.org/index.php?topic=134352.0

Here's the patch: https://github.com/twitched/pfsense/commit/1ff1605e8d2e2c9f87aac489fd7af7a407b3440c

Also available in: Atom PDF