summaryrefslogtreecommitdiff
path: root/puppet/modules/unbound/README
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/unbound/README')
-rw-r--r--puppet/modules/unbound/README79
1 files changed, 79 insertions, 0 deletions
diff --git a/puppet/modules/unbound/README b/puppet/modules/unbound/README
new file mode 100644
index 00000000..529f37f0
--- /dev/null
+++ b/puppet/modules/unbound/README
@@ -0,0 +1,79 @@
+== Class: unbound
+
+The unbound class manages unbound, the reqursive caching DNS resolver.
+It manages the package, service, configuration file, control keys and
+support files.
+
+Supported operating systems are OpenBSD, Debian and Ubuntu. Tested on OpenBSD
+5.2 with Puppet 2.7.14 and Debian Sid with Puppet 2.7.18-2.
+
+The configuration file is concatenated from samples of server et. al.,
+stub-zone and forward-zone. The latter two are created independently
+from the server settings, by defines which can be used by other classes
+and modules.
+
+Control keys can be created with the unbound-control-setup program,
+and is enabled by default. These are neccessary to be able to control
+unbound (restart, reload etc) with the unbound-control program.
+
+The auto-trust-anchor-file 'root.key' can be created with the unbound-anchor
+program, and is enabled by default.
+
+The root-hints files named.cache can be managed, but have to be provided by
+the user. See the documentation in manifests/root_hints.pp for how to proceede.
+This functionality is not enabled by default.
+
+=== Parameters
+
+[*settings*]
+Hash containing the settings as key value pairs.
+
+[*ssl*]
+Mange unbound-control certificates? True or false, true by default.
+
+[*anchor*]
+Manage root.key? True or false, true by default.
+
+[*root_hints*]
+Manage named.cache? True or false, false by default.
+
+=== Examples
+
+class { 'unbound':
+ root_hints => true,
+ settings => {
+ server => {
+ verbosity => '1',
+ interface => [
+ '127.0.0.1',
+ '::1',
+ $::ipaddress,
+ ],
+ outgoing-interface => $::ipaddress,
+ access-control => [
+ '127.0.0.0/8 allow',
+ '::1 allow',
+ '10.0.0.0/8 allow',
+ ],
+ root-hints => '"/var/unbound/etc/named.cache"',
+ private-address => [
+ '10.0.0.0/8',
+ '172.16.0.0/12',
+ '192.168.0.0/16',
+ ],
+ private-domain => "\"$::domain\"",
+ auto-trust-anchor-file => '"/var/unbound/etc/root.key"',
+ },
+ python => { },
+ remote-control => {
+ control-enable => 'yes',
+ control-interface => [
+ '127.0.0.1',
+ '::1',
+ ],
+ },
+ }
+}
+
+See manifests/stub.pp and manifests/forward.pp for examples on how to create
+sub zones and forward zones repectively.