cdist-type__unbound - configure an instance of unbound, a DNS validating resolver.
This type writes the configuration and OpenRC init scripts to run an instance of unbound. The most commonly used options for unbound are configurable through flags.
Note that this type is currently only implemented (and tested) on Alpine Linux. Please contribute other implementations if you can.
Control the unbound.conf(5) verbosity parameter.
Control the unbound.conf(5) port parameter.
Control the unbound.conf(5) control-port parameter.
Control the unbound.conf(5) dns64-prefix parameter.
OPTIONAL MULTIPLE PARAMETERS¶
Control the unbound.conf(5) interface parameter. Can be given multiple times, will generate multiple interface: xxx clauses.
Control the unbound.conf(5) access-control parameter. Can be given multiple times, will generate multiple access-control clauses. The format is an IP block followed by an access-control keyword.
Control the unbound.conf(5) control-interface parameter. Can be given mutltiple times, will generate multiple control-interface clauses. Note that without the enable-rc boolean flags, remote control will not be enabled. Note that if at least one control interfaces is not a local socket, then you should enable the control-use-certs boolean flag to generate and configure TLS certificates for use between unbound(8) and unbound-control(8)
Define a forward zone. Each zone is comprised of a name, which defines for what domains this zone applies, and at least one DNS server to which the queries should be forwarded. The format is a comma-separated list of values where the first element is the name of the zone, and the following elements are the IP addresses of the DNS servers; e.g. example.com,188.8.131.52,184.108.40.206
Control the unbound.conf(5) local-data parameter. Note that no local-zone is defined, so the unbound default is to treat this data as a transparent local zone.
Control the unbound.conf(5) ip-transparent parameter.
Enables the addition of the DNS64 module.
Enable remote control.
Enable the generation using unbound-control-setup(8) of TLS certificates for the interaction between unbound(8) and unbound-control(8), as well as their inclusion in the configuration file.
Disable answering queries over IPv4.
Disable answering queries over IPv6.
# Setup two resolvers, one with dns64, the other without. __unbound unbound \ --dns64 \ --ip-transparent \ --interface "$address" \ --access-control "$address/64 allow" \ --enable-rc \ --control-interface "/var/run/unbound_control.sock" __unbound unbound6only \ --ip-transparent \ --interface "$addresstwo" \ --access-control "$addresstwo/64 allow" \ --forward-zone "example.com,220.127.116.11,18.104.22.168"
unbound(8) unbound.conf(5) unbound-control(8)
Copyright (C) 2021 Joachim Desroches. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.