From f5775156d8d8800247b8917ab6212c7eed16a124 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 12 Jul 2016 16:46:10 -0400 Subject: git subrepo clone https://leap.se/git/puppet_unbound puppet/modules/unbound subrepo: subdir: "puppet/modules/unbound" merged: "a26b91d" upstream: origin: "https://leap.se/git/puppet_unbound" branch: "master" commit: "a26b91d" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo" commit: "1e79595" Change-Id: I83719264de2c716035d34599d541cadd42319b74 --- puppet/modules/unbound/README | 79 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 puppet/modules/unbound/README (limited to 'puppet/modules/unbound/README') diff --git a/puppet/modules/unbound/README b/puppet/modules/unbound/README new file mode 100644 index 00000000..529f37f0 --- /dev/null +++ b/puppet/modules/unbound/README @@ -0,0 +1,79 @@ +== Class: unbound + +The unbound class manages unbound, the reqursive caching DNS resolver. +It manages the package, service, configuration file, control keys and +support files. + +Supported operating systems are OpenBSD, Debian and Ubuntu. Tested on OpenBSD +5.2 with Puppet 2.7.14 and Debian Sid with Puppet 2.7.18-2. + +The configuration file is concatenated from samples of server et. al., +stub-zone and forward-zone. The latter two are created independently +from the server settings, by defines which can be used by other classes +and modules. + +Control keys can be created with the unbound-control-setup program, +and is enabled by default. These are neccessary to be able to control +unbound (restart, reload etc) with the unbound-control program. + +The auto-trust-anchor-file 'root.key' can be created with the unbound-anchor +program, and is enabled by default. + +The root-hints files named.cache can be managed, but have to be provided by +the user. See the documentation in manifests/root_hints.pp for how to proceede. +This functionality is not enabled by default. + +=== Parameters + +[*settings*] +Hash containing the settings as key value pairs. + +[*ssl*] +Mange unbound-control certificates? True or false, true by default. + +[*anchor*] +Manage root.key? True or false, true by default. + +[*root_hints*] +Manage named.cache? True or false, false by default. + +=== Examples + +class { 'unbound': + root_hints => true, + settings => { + server => { + verbosity => '1', + interface => [ + '127.0.0.1', + '::1', + $::ipaddress, + ], + outgoing-interface => $::ipaddress, + access-control => [ + '127.0.0.0/8 allow', + '::1 allow', + '10.0.0.0/8 allow', + ], + root-hints => '"/var/unbound/etc/named.cache"', + private-address => [ + '10.0.0.0/8', + '172.16.0.0/12', + '192.168.0.0/16', + ], + private-domain => "\"$::domain\"", + auto-trust-anchor-file => '"/var/unbound/etc/root.key"', + }, + python => { }, + remote-control => { + control-enable => 'yes', + control-interface => [ + '127.0.0.1', + '::1', + ], + }, + } +} + +See manifests/stub.pp and manifests/forward.pp for examples on how to create +sub zones and forward zones repectively. -- cgit v1.2.3