diff options
Diffstat (limited to 'puppet/modules/unbound/README')
-rw-r--r-- | puppet/modules/unbound/README | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/puppet/modules/unbound/README b/puppet/modules/unbound/README new file mode 100644 index 00000000..529f37f0 --- /dev/null +++ b/puppet/modules/unbound/README @@ -0,0 +1,79 @@ +== Class: unbound + +The unbound class manages unbound, the reqursive caching DNS resolver. +It manages the package, service, configuration file, control keys and +support files. + +Supported operating systems are OpenBSD, Debian and Ubuntu. Tested on OpenBSD +5.2 with Puppet 2.7.14 and Debian Sid with Puppet 2.7.18-2. + +The configuration file is concatenated from samples of server et. al., +stub-zone and forward-zone. The latter two are created independently +from the server settings, by defines which can be used by other classes +and modules. + +Control keys can be created with the unbound-control-setup program, +and is enabled by default. These are neccessary to be able to control +unbound (restart, reload etc) with the unbound-control program. + +The auto-trust-anchor-file 'root.key' can be created with the unbound-anchor +program, and is enabled by default. + +The root-hints files named.cache can be managed, but have to be provided by +the user. See the documentation in manifests/root_hints.pp for how to proceede. +This functionality is not enabled by default. + +=== Parameters + +[*settings*] +Hash containing the settings as key value pairs. + +[*ssl*] +Mange unbound-control certificates? True or false, true by default. + +[*anchor*] +Manage root.key? True or false, true by default. + +[*root_hints*] +Manage named.cache? True or false, false by default. + +=== Examples + +class { 'unbound': + root_hints => true, + settings => { + server => { + verbosity => '1', + interface => [ + '127.0.0.1', + '::1', + $::ipaddress, + ], + outgoing-interface => $::ipaddress, + access-control => [ + '127.0.0.0/8 allow', + '::1 allow', + '10.0.0.0/8 allow', + ], + root-hints => '"/var/unbound/etc/named.cache"', + private-address => [ + '10.0.0.0/8', + '172.16.0.0/12', + '192.168.0.0/16', + ], + private-domain => "\"$::domain\"", + auto-trust-anchor-file => '"/var/unbound/etc/root.key"', + }, + python => { }, + remote-control => { + control-enable => 'yes', + control-interface => [ + '127.0.0.1', + '::1', + ], + }, + } +} + +See manifests/stub.pp and manifests/forward.pp for examples on how to create +sub zones and forward zones repectively. |