Use unbound for caching DNS queries

antmicro · Jul 27, 2021 · 7920eca · 7920eca
1 parent 5eb545d
commit 7920eca
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 1 deletion.
diff --git a/supervisord.conf b/supervisord.conf
@@ -28,3 +28,15 @@ stdout_logfile_maxbytes=5MB
 redirect_stderr=true
 stopasgroup=true
 stopwaitsecs=10
+
+[program:unbound]
+command=/usr/bin/sudo unbound -d -c unbound.conf
+directory=%(here)s/virt
+process_name=%(program_name)s
+autostart=true
+autorestart=true
+stdout_logfile=virt/work/%(program_name)s.log
+stdout_logfile_maxbytes=5MB
+redirect_stderr=true
+stopasgroup=true
+stopwaitsecs=10
diff --git a/virt/create_preemptible_vm.py b/virt/create_preemptible_vm.py
@@ -124,13 +124,14 @@ def main(instance_number, container_file):
         sys.exit(1)
 
     sif_location = '/mnt/container.sif'
+    infer_dns_cmd = "$(echo $SSH_CONNECTION | awk '{ print $1 }')"
 
     commands = (
         'uname -a',
         'sudo mkdir -p /mnt/1 /mnt/2/work',
         f'echo "Pulling {container_file}..."',
 	    f'sudo singularity pull {sif_location} docker://{container_file}',
-        f'sudo singularity instance start -C -e --dns 8.8.8.8 --overlay /mnt/1 --bind /mnt/2:/root {sif_location} i',
+        f'sudo singularity instance start -C -e --dns {infer_dns_cmd} --overlay /mnt/1 --bind /mnt/2:/root {sif_location} i',
         'sudo iptables -A OUTPUT -d 169.254.169.254 -j DROP',
         f'chmod +x {SARGRAPH[1]}',
         f'sudo mv {SARGRAPH[1]} /usr/bin/sargraph',

diff --git a/virt/unbound.conf b/virt/unbound.conf
@@ -0,0 +1,20 @@
+server:
+  access-control: 10.0.0.0/8 allow
+  access-control: 127.0.0.0/8 allow
+  access-control: 192.168.0.0/16 allow
+  aggressive-nsec: yes
+  cache-max-ttl: 14400
+  cache-min-ttl: 1200
+  hide-identity: yes
+  hide-version: yes
+  interface: 0.0.0.0
+  prefetch: yes
+  rrset-roundrobin: yes
+    so-reuseport: yes
+  verbosity: 1
+  username: ""
+
+forward-zone:
+   name: "."
+   forward-addr: 8.8.4.4@53#dns.google
+   forward-addr: 8.8.8.8@53#dns.google