1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
class site_config::caching_resolver {
tag 'leap_base'
# Setup a conf.d directory to place additional unbound configuration files.
# There must be at least one file in the directory, or unbound will not start,
# so create an empty placeholder to ensure this.
# Note: the version of unbound we are working with does not accept a wildcard
# for an include directive, so we are not able to use this. When we can use
# the newer unbound, then we will add 'include: /etc/unbound.d/*' to the
# configuration file
file {
'/etc/unbound/conf.d':
ensure => directory,
owner => root, group => root, mode => '0755',
require => Package['unbound'];
'/etc/unbound/conf.d/placeholder':
ensure => present,
content => '',
owner => root, group => root, mode => '0644';
}
class { 'unbound':
root_hints => false,
anchor => false,
ssl => false,
require => File['/etc/unbound/conf.d/placeholder'],
settings => {
server => {
verbosity => '1',
interface => [ '127.0.0.1', '::1' ],
port => '53',
hide-identity => 'yes',
hide-version => 'yes',
harden-glue => 'yes',
access-control => [ '127.0.0.0/8 allow', '::1 allow' ]
}
}
}
}
|
