summaryrefslogtreecommitdiff
path: root/puppet/modules/unbound/README
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2016-06-09 17:35:00 +0200
committervarac <varacanero@zeromail.org>2016-06-14 12:05:18 +0200
commit191e76e270c36c70b46c5d3a2418669d3c95217c (patch)
tree57aab3b6608e6e6a92c66b5f722eb2686e8a427c /puppet/modules/unbound/README
parentf0826bceeb5817ddf18ae1b3aed3a94f36c308f8 (diff)
git subrepo clone https://leap.se/git/puppet_unbound puppet/modules/unbound
subrepo: subdir: "puppet/modules/unbound" merged: "a26b91d" upstream: origin: "https://leap.se/git/puppet_unbound" branch: "master" commit: "a26b91d" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo.git" commit: "cb2995b"
Diffstat (limited to 'puppet/modules/unbound/README')
-rw-r--r--puppet/modules/unbound/README79
1 files changed, 79 insertions, 0 deletions
diff --git a/puppet/modules/unbound/README b/puppet/modules/unbound/README
new file mode 100644
index 00000000..529f37f0
--- /dev/null
+++ b/puppet/modules/unbound/README
@@ -0,0 +1,79 @@
+== Class: unbound
+
+The unbound class manages unbound, the reqursive caching DNS resolver.
+It manages the package, service, configuration file, control keys and
+support files.
+
+Supported operating systems are OpenBSD, Debian and Ubuntu. Tested on OpenBSD
+5.2 with Puppet 2.7.14 and Debian Sid with Puppet 2.7.18-2.
+
+The configuration file is concatenated from samples of server et. al.,
+stub-zone and forward-zone. The latter two are created independently
+from the server settings, by defines which can be used by other classes
+and modules.
+
+Control keys can be created with the unbound-control-setup program,
+and is enabled by default. These are neccessary to be able to control
+unbound (restart, reload etc) with the unbound-control program.
+
+The auto-trust-anchor-file 'root.key' can be created with the unbound-anchor
+program, and is enabled by default.
+
+The root-hints files named.cache can be managed, but have to be provided by
+the user. See the documentation in manifests/root_hints.pp for how to proceede.
+This functionality is not enabled by default.
+
+=== Parameters
+
+[*settings*]
+Hash containing the settings as key value pairs.
+
+[*ssl*]
+Mange unbound-control certificates? True or false, true by default.
+
+[*anchor*]
+Manage root.key? True or false, true by default.
+
+[*root_hints*]
+Manage named.cache? True or false, false by default.
+
+=== Examples
+
+class { 'unbound':
+ root_hints => true,
+ settings => {
+ server => {
+ verbosity => '1',
+ interface => [
+ '127.0.0.1',
+ '::1',
+ $::ipaddress,
+ ],
+ outgoing-interface => $::ipaddress,
+ access-control => [
+ '127.0.0.0/8 allow',
+ '::1 allow',
+ '10.0.0.0/8 allow',
+ ],
+ root-hints => '"/var/unbound/etc/named.cache"',
+ private-address => [
+ '10.0.0.0/8',
+ '172.16.0.0/12',
+ '192.168.0.0/16',
+ ],
+ private-domain => "\"$::domain\"",
+ auto-trust-anchor-file => '"/var/unbound/etc/root.key"',
+ },
+ python => { },
+ remote-control => {
+ control-enable => 'yes',
+ control-interface => [
+ '127.0.0.1',
+ '::1',
+ ],
+ },
+ }
+}
+
+See manifests/stub.pp and manifests/forward.pp for examples on how to create
+sub zones and forward zones repectively.