Unbound DNS resolver to answer simple DNS queries using EC2 API calls

This module uses the Unbound DNS resolver to answer simple DNS queries using EC2 API calls. For example, the following query would match an EC2 instance with a Name tag of foo.example.com:

$ dig -p 5003 @127.0.0.1 foo.dev.example.com
; <<>> DiG 9.8.1-P1 <<>> -p 5003 @127.0.0.1 foo.dev.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5696
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;foo.dev.example.com.       IN      A

;; ANSWER SECTION:
foo.dev.example.com. 300 IN A       10.0.0.2
foo.dev.example.com. 300 IN A       10.0.0.1

;; Query time: 81 msec
;; SERVER: 127.0.0.1#5003(127.0.0.1)
;; WHEN: Sat Sep 28 23:27:16 2013
;; MSG SIZE  rcvd: 77

Installation

On Debian-family systems, install the unbound and python-unbound system packages.

On Red Hat-family systems, install the unbound and unbound-python system packages.

Then, install unbound-ec2:

$ pip install unbound-ec2

Configuration

The following settings must be added to your Unbound configuration:

server:
    chroot: ""
    module-config: "validator python iterator"

python:
    python-script: "/etc/unbound/unbound_ec2_script"

The EC2 module can be configured by specifying values in /etc/unbound/unbound_ec2.conf or by setting environment variables in /etc/default/unbound.

See unbound_ec2.conf.example and default_unbound.example for more information.

You can also define AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY entries in the environment directory. When unbound-ec2 is run on an EC2 instance, though, it will automatically use an IAM instance profile if one is available.

Configuration - zone forwarding

By default, Unbound controls the whole zone configured for the plugin. In some cases, however, you might want to delegate subdomains to other authoritative name servers. Unbound allows this with the forward-zone directive:

forward-zone:
      name: "sub-y.sub-x.example.com"
      # forward-host takes a host name; forward-addr expects an IP address
      forward-host: "ns1.sub-y.sub-x.example.com"

Additionally, the unbound-ec2 plugin has to be configured with a comma-separated list of all subdomains to be forwarded, in the [main] section of the unbound_ec2.conf configuration file:

forwarded_zones = sub-y.sub-x.example.com

Considerations

unbound-ec2 queries the EC2 API to answer requests about names inside the specified zone. All other requests are handled normally by Unbound’s caching resolver if the caching server type was chosen.

For requests for names within the specified zone, unbound_ec2 calls DescribeInstances and filters the results using defined lookup filters (default is instances in the running state).

When more than one instance matches the DescribeInstances query, unbound-ec2 returns multiple A records in round-robin order. With the caching server type, query results are cached by Unbound, and a TTL (default: 300 seconds) is defined to encourage well-behaved clients to cache the information themselves.

IPv6 is not yet supported.
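
The routing and lookup behaviour described above, sketched as an added example (not code from unbound-ec2): it decides whether a name is answered from EC2, forwarded, or left to normal recursion, then filters instance records and rotates the A records. The function names, the turn parameter, the constructed sample instances, the use of the private IP address, and a Name tag equal to the queried name are all assumptions.

```python
TTL = 300  # default TTL stated on this page

def in_zone(qname, zone):
    """Label-aligned suffix match: 'notexample.com' is NOT inside 'example.com'."""
    q, z = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return q == z or q.endswith("." + z)

def route(qname, zone, forwarded_zones):
    """Decide who answers: 'ec2', 'forward' (forward-zone) or 'recurse'."""
    if not in_zone(qname, zone):
        return "recurse"
    if any(in_zone(qname, f) for f in forwarded_zones):
        return "forward"
    return "ec2"

def describe_filters(qname):
    """Filters in the shape DescribeInstances accepts (default: running only)."""
    return [{"Name": "instance-state-name", "Values": ["running"]},
            {"Name": "tag:Name", "Values": [qname.rstrip(".").lower()]}]

def matches(instance, filters):
    """Offline stand-in for EC2-side filtering over the constructed records."""
    fields = {"instance-state-name": instance["State"],
              "tag:Name": instance["Tags"].get("Name", "").lower()}
    return all(fields[f["Name"]] in f["Values"] for f in filters)

def answer(qname, zone, forwarded_zones, instances, turn=0):
    """Return (route, [(name, ttl, 'A', ip), ...]); turn rotates the answers."""
    how = route(qname, zone, forwarded_zones)
    if how != "ec2":
        return how, []
    filters = describe_filters(qname)
    ips = sorted(i["PrivateIpAddress"] for i in instances if matches(i, filters))
    if ips:
        k = turn % len(ips)
        ips = ips[k:] + ips[:k]  # round-robin: a different record leads each turn
    return how, [(qname, TTL, "A", ip) for ip in ips]

# Constructed sample data (not real instances); hypothetical record layout.
NAME = "foo.dev.example.com"
INSTANCES = [
    {"Tags": {"Name": NAME}, "State": "running", "PrivateIpAddress": "10.0.0.1"},
    {"Tags": {"Name": NAME}, "State": "running", "PrivateIpAddress": "10.0.0.2"},
    {"Tags": {"Name": NAME}, "State": "stopped", "PrivateIpAddress": "10.0.0.3"},
]
FORWARDED = ["sub-y.sub-x.example.com"]
```

The label-aligned match in in_zone matters for a resolver that answers from tags: a plain string suffix test would treat look-alike domains as part of the zone and answer for them from instance data.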

Unit tests

Run with:

$ python setup.py test

Download files

Source Distribution

unbound-ec2-1.3.0.tar.gz (10.3 kB)

Built Distribution

unbound_ec2-1.3.0-py2.7.egg (20.5 kB)

File details

Details for the file unbound-ec2-1.3.0.tar.gz.

File metadata

  • Size: 10.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for unbound-ec2-1.3.0.tar.gz
Algorithm Hash digest
SHA256 f5bd7c81a2cfe8f837c265328bbb9e867e07e2af7c49865049010e782618ab89
MD5 2640ea405962efdb024358fb50d44594
BLAKE2b-256 bec4ba4569bbfffa5c8df98dcbcf41c3c822a43ff70646d96f7525f271fe3b16

File details

Details for the file unbound_ec2-1.3.0-py2.7.egg.

File hashes

Hashes for unbound_ec2-1.3.0-py2.7.egg
Algorithm Hash digest
SHA256 2a57a6e2f9e9ebd0a825be7df89cd2da27135d9edf20539bbe610213e75039c0
MD5 500211852fcc58a6e4ceb894e05c3c26
BLAKE2b-256 81f935f15c715a3f4dd0af75f4b67a2f6a8f356940c7fa0319c072e1c7385fe1
