diff options
author | varac <varacanero@zeromail.org> | 2016-06-09 17:35:00 +0200 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2016-06-14 12:05:18 +0200 |
commit | 191e76e270c36c70b46c5d3a2418669d3c95217c (patch) | |
tree | 57aab3b6608e6e6a92c66b5f722eb2686e8a427c /puppet/modules/unbound/README | |
parent | f0826bceeb5817ddf18ae1b3aed3a94f36c308f8 (diff) |
git subrepo clone https://leap.se/git/puppet_unbound puppet/modules/unbound
subrepo:
subdir: "puppet/modules/unbound"
merged: "a26b91d"
upstream:
origin: "https://leap.se/git/puppet_unbound"
branch: "master"
commit: "a26b91d"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo.git"
commit: "cb2995b"
Diffstat (limited to 'puppet/modules/unbound/README')
-rw-r--r-- | puppet/modules/unbound/README | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/puppet/modules/unbound/README b/puppet/modules/unbound/README new file mode 100644 index 00000000..529f37f0 --- /dev/null +++ b/puppet/modules/unbound/README @@ -0,0 +1,79 @@ +== Class: unbound + +The unbound class manages unbound, the reqursive caching DNS resolver. +It manages the package, service, configuration file, control keys and +support files. + +Supported operating systems are OpenBSD, Debian and Ubuntu. Tested on OpenBSD +5.2 with Puppet 2.7.14 and Debian Sid with Puppet 2.7.18-2. + +The configuration file is concatenated from samples of server et. al., +stub-zone and forward-zone. The latter two are created independently +from the server settings, by defines which can be used by other classes +and modules. + +Control keys can be created with the unbound-control-setup program, +and is enabled by default. These are neccessary to be able to control +unbound (restart, reload etc) with the unbound-control program. + +The auto-trust-anchor-file 'root.key' can be created with the unbound-anchor +program, and is enabled by default. + +The root-hints files named.cache can be managed, but have to be provided by +the user. See the documentation in manifests/root_hints.pp for how to proceede. +This functionality is not enabled by default. + +=== Parameters + +[*settings*] +Hash containing the settings as key value pairs. + +[*ssl*] +Mange unbound-control certificates? True or false, true by default. + +[*anchor*] +Manage root.key? True or false, true by default. + +[*root_hints*] +Manage named.cache? True or false, false by default. + +=== Examples + +class { 'unbound': + root_hints => true, + settings => { + server => { + verbosity => '1', + interface => [ + '127.0.0.1', + '::1', + $::ipaddress, + ], + outgoing-interface => $::ipaddress, + access-control => [ + '127.0.0.0/8 allow', + '::1 allow', + '10.0.0.0/8 allow', + ], + root-hints => '"/var/unbound/etc/named.cache"', + private-address => [ + '10.0.0.0/8', + '172.16.0.0/12', + '192.168.0.0/16', + ], + private-domain => "\"$::domain\"", + auto-trust-anchor-file => '"/var/unbound/etc/root.key"', + }, + python => { }, + remote-control => { + control-enable => 'yes', + control-interface => [ + '127.0.0.1', + '::1', + ], + }, + } +} + +See manifests/stub.pp and manifests/forward.pp for examples on how to create +sub zones and forward zones repectively. |