Unbound DNS resolver to answer simple DNS queries using EC2 API calls
Project description
This module uses the Unbound DNS resolver to answer simple DNS queries using EC2 API calls. For example, the following query would match an EC2 instance with a Name tag of foo.example.com:
$ dig -p 5003 @127.0.0.1 foo.dev.example.com
; <<>> DiG 9.8.1-P1 <<>> -p 5003 @127.0.0.1 foo.dev.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5696
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;foo.dev.example.com. IN A
;; ANSWER SECTION:
foo.dev.example.com. 300 IN A 10.0.0.2
foo.dev.example.com. 300 IN A 10.0.0.1
;; Query time: 81 msec
;; SERVER: 127.0.0.1#5003(127.0.0.1)
;; WHEN: Sat Sep 28 23:27:16 2013
;; MSG SIZE rcvd: 77
Installation
On Debian family, install the unbound, python-unbound system packages.
On Redhat family, install the unbound, unbound-python system packages.
Then, install unbound-ec2:
$ pip install unbound-ec2
Configuration
The following settings must be added to your Unbound configuration:
server:
chroot: ""
module-config: "validator python iterator"
python:
python-script: "/etc/unbound/unbound_ec2_script"
EC2 module can be configured by specifying values in /etc/unbound/unbound_ec2.conf or setting environment variables in /etc/default/unbound.
See unbound_ec2.conf.example and default_unbound.example for more information.
You can also define AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY entries in the environment directory. When unbound-ec2 is run on an EC2 instance, though, it will automatically use an IAM instance profile if one is available.
Configuration - zone forwarding
By default unbound will control the whole zone configured for the plugin, however in some cases you might want to delegate subdomains to other authoritative name servers. Unbound allows this by using the forward-zone directive:
forward-zone:
name: "sub-y.sub-x.example.com"
forward-addr: "ns1.sub-y.sub-x.example.com"
Additionally, the unbound-ec2 plugin has to be configured with a comma separated list of all subdomains to be forwarded in the [main] section of the unbound_ec2.conf configuration file:
forwarded_zones = sub-y.sub-x.example.com
Considerations
unbound-ec2 queries the EC2 API to answer requests about names inside the specified zone. All other requests are handled normally by Unbound’s caching resolver if caching type server was chosen.
For requests for names within the specified zone, unbound_ec2 calls DescribeInstances and filters the results using defined lookup filters (default is instances in the running state).
When more than one instance matches the DescribeInstances query, unbound-ec2 will return multiple A records in a round-robin. In case of caching type server, query results will be cached by Unbound, and a TTL (default: 300 seconds) is defined to encourage well-behaved clients to cache the information themselves.
IPv6 are not yet supported.
Unit tests
Run with
$ python setup.py test
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file unbound-ec2-1.3.0.tar.gz
.
File metadata
- Download URL: unbound-ec2-1.3.0.tar.gz
- Upload date:
- Size: 10.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | f5bd7c81a2cfe8f837c265328bbb9e867e07e2af7c49865049010e782618ab89 |
|
MD5 | 2640ea405962efdb024358fb50d44594 |
|
BLAKE2b-256 | bec4ba4569bbfffa5c8df98dcbcf41c3c822a43ff70646d96f7525f271fe3b16 |
File details
Details for the file unbound_ec2-1.3.0-py2.7.egg
.
File metadata
- Download URL: unbound_ec2-1.3.0-py2.7.egg
- Upload date:
- Size: 20.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2a57a6e2f9e9ebd0a825be7df89cd2da27135d9edf20539bbe610213e75039c0 |
|
MD5 | 500211852fcc58a6e4ceb894e05c3c26 |
|
BLAKE2b-256 | 81f935f15c715a3f4dd0af75f4b67a2f6a8f356940c7fa0319c072e1c7385fe1 |