Question about Python Mode

provels

pfS+ 22.05
pfB 3.1.0_6

In order to use the Python features in pfB, I need to simply enable the Python Module in Unbound and the Unbound Python Mode in pfB? Are the defaults acceptable to start with? I'm a bit confused about what the lightning bolt means.

I had tried enabling it on _4 but had experienced some issues with spotty response on DNS, but now I'm on 3.1.0_6 on 22.05. Thanks for reading and any replies.

Gertjan

@provels said in Question about Python Mode:

what the lightning bolt means

See it as 'the latest and greatest' developments.

The lightning bolt groups together the functionalities that the python mode offers.

Btw : "Python control" offers a functionality that you probably never want to use.
Except when you need it ;)

provels

@gertjan So just hang with the defaults, right?

Gertjan

@provels

Yep.
That’s what I do.
You’ll get a nice bonus : less options used is less code executed is less errors found :-)

provels

@gertjan FWIW, I'm getting DNS timeouts w/ Python that I don't get with Unbound. Wonder if that's the "Slow DNS after 22.05" thing (if those folks are using Python). Dunno.

Gertjan

@provels

I don't have "www dot techwalla dot com" listed any dsnbl, so it resolves just fine for me.

I don't see any 'servfail', except for a Samsung 'not so smart' TV that hammers DNS with :

where "kpu" could also be "dpu" or "ypu", domain names that probably don't exist any more.

About the "22.05 dns is slow" is an unbound issue, not a python issue.
The python mode is just a small script file that unbound calls for every DNS action, like before it start to resolve, during and after. The python scripts being called in the mididel of the resolve action, has far more log and parse capabilities. And it permits to add some action like 'ditch AAAA requests" or brute force "Regex filtering" or following the CNAME rabbit hole.
If the python script fails, then errors would popup mentioning something happened with 'python'.

The "22.05 dns is slow" thread has some suggestions, like: "no-ipv6" (check this).
I'm using ipv6 just fine on my 4100, using vanilla unbound setup.

provels

@gertjan said in Question about Python Mode:

I don't have "www dot techwalla dot com" listed any dsnbl

Nor do I. The Samsung entries are pfB blocks from a TV blocklist. I get what you're saying, but I seem to have no issues using unbound mode, but python mode chokes. Anyway, it matters little since it's just me on my little home net. Maybe it's my tiny VM, but I would think Python would unload it rather than make it struggle. I try it again, but this is low priority (for both of us!).
Thanks for the replies!

Gertjan

@provels said in Question about Python Mode:

Nor do I.

Actually, I found it.
I discovered that by default the 200 last items are listened on the Unified page.
They were all from the last second or so.
I made the view bigger, like '2000' and now I saw the lookup of "www dot techwalla dot com" - No dnsbl was blocking it, so I could open that site just fine.

provels

@gertjan If you open the Unified Log, do you see many "ServFail" entries? I see hundreds since I reenabled Python a little while ago, but when I see blocks it indeed shows what blocklist was used. Maybe it's user error, don't know.
Never mind, ServFail doesn't mean what I thought it did.

Thanks again for your replies.