You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Current behavior
unbound-control is very useful tool, which allows to change almost everything runtime. Without modification of files and reloading, not even restarting. We like it a lot.
But it allows only one change at a time. Adding single domain forwarding, with multiple of servers maybe.
Describe the desired feature
It would be useful for us, if we could make kind of batch change. Sometimes one change is just a part of more changes. While local unix domain socket is lightweight enough, there is still unnecessary repetition when forking. Especially when TLS certificate is used to protect control channel and limit access to it, those repeated unbound-control executions are not cheap.
It would be great, if unbound could process them inside single connection. If some of them failed, mark them as failed. Ideally with saying, which line failed with which error.
It would be nice to include report, what failed, if failed. At minimum line of first failure and its message.
Better for each command line status of execution, with possible error message.
Possible output to stderr might look like:
L1 0: ok
L2 0: ok
L3 0: ok
L4 0: ok
L5 1: example error message, possibly localized.
L6 1: example error message, possibly localized.
L7 2: alternate error message, possibly localized.
L7 4: yet another error message.
The format might be L<line number, starting at 1> <return code>: <optional message, which unbound-control would print just for this command>. return code would contain what would unbound-control return when running that command separately. Indication of success when 0. optional message can be localized, but L<linenumber> should be unmodified in any language. That should allow working automated parsing, regardless of system locale. This way would allow just single line message, that should be enough to analyse a reason of the failure.
Detailed error messages might follow after that, delimited by empty line for example.
Potential use-case
A good example would be adding redirection of network 172.16.0.0/12 to local network resolver. It generates a long list of domains, where I need to call unbound-control forward_add +i 16.172.in-addr.arpa. 192.0.2.53. Then continue with unbound-control forward_add +i 17.172.in-addr.arpa. 192.0.2.53 and end with unbound-control forward_add +i 31.172.in-addr.arpa. 192.0.2.53.
But wait, that is not enough in default configuration! You also need to deactivate local-zones for those domains. They prevent forwarding to work in default configuration. Unbound creates by default zones:
And still in related action to definition of forwarding of reverse network range, those needs to be set to nodefault. Which again can be done by unbound-control local-zone 16.172.in-addr.arpa. nodefault, but needs to be executed extra. For every domain specified, again.
Something like this could help make unbound changes less CPU intensive and more efficient to do.
The text was updated successfully, but these errors were encountered:
Current behavior
unbound-control is very useful tool, which allows to change almost everything runtime. Without modification of files and reloading, not even restarting. We like it a lot.
But it allows only one change at a time. Adding single domain forwarding, with multiple of servers maybe.
Describe the desired feature
It would be useful for us, if we could make kind of batch change. Sometimes one change is just a part of more changes. While local unix domain socket is lightweight enough, there is still unnecessary repetition when forking. Especially when TLS certificate is used to protect control channel and limit access to it, those repeated unbound-control executions are not cheap.
It would be great, if unbound could process them inside single connection. If some of them failed, mark them as failed. Ideally with saying, which line failed with which error.
Example:
It would be nice to include report, what failed, if failed. At minimum line of first failure and its message.
Better for each command line status of execution, with possible error message.
Possible output to stderr might look like:
The format might be
L<line number, starting at 1> <return code>: <optional message, which unbound-control would print just for this command>. return code would contain what would unbound-control return when running that command separately. Indication of success when 0. optional message can be localized, butL<linenumber>should be unmodified in any language. That should allow working automated parsing, regardless of system locale. This way would allow just single line message, that should be enough to analyse a reason of the failure.Detailed error messages might follow after that, delimited by empty line for example.
Potential use-case
A good example would be adding redirection of network
172.16.0.0/12to local network resolver. It generates a long list of domains, where I need to callunbound-control forward_add +i 16.172.in-addr.arpa. 192.0.2.53. Then continue withunbound-control forward_add +i 17.172.in-addr.arpa. 192.0.2.53and end withunbound-control forward_add +i 31.172.in-addr.arpa. 192.0.2.53.But wait, that is not enough in default configuration! You also need to deactivate local-zones for those domains. They prevent forwarding to work in default configuration. Unbound creates by default zones:
And still in related action to definition of forwarding of reverse network range, those needs to be set to nodefault. Which again can be done by
unbound-control local-zone 16.172.in-addr.arpa. nodefault, but needs to be executed extra. For every domain specified, again.Something like this could help make unbound changes less CPU intensive and more efficient to do.
The text was updated successfully, but these errors were encountered: