
Reference

Table of Contents

Classes

  • unbound: Installs and configures Unbound, the caching DNS resolver from NLnet Labs
  • unbound::remote: Configure remote control of the unbound daemon process

Defined types

Data types

Classes

unbound

Installs and configures Unbound, the caching DNS resolver from NLnet Labs

Parameters

The following parameters are available in the unbound class:

manage_service

Data type: Boolean

ensure puppet manages the service

Default value: true

verbosity

Data type: Integer[0,5]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 1

statistics_interval

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

statistics_cumulative

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

extended_statistics

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

num_threads

Data type: Integer[1]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 1

port

Data type: Integer[0, 65535]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 53

interface

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

interface_automatic

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

interface_automatic_ports

Data type: Optional[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

outgoing_interface

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

outgoing_range

Data type: Optional[Integer[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

outgoing_port_permit

Data type: Unbound::Range

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: '32768-65535'

outgoing_port_avoid

Data type: Unbound::Range

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: '0-32767'

outgoing_port_permit_first

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

outgoing_num_tcp

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

incoming_num_tcp

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

edns_buffer_size

Data type: Integer[0,4096]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 1232

max_udp_size

Data type: Optional[Integer[0,65536]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

stream_wait_size

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

msg_cache_size

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

msg_cache_slabs

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

num_queries_per_thread

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

jostle_timeout

Data type: Optional[Integer[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

delay_close

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

unknown_server_time_limit

Data type: Optional[Integer[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

so_rcvbuf

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

so_sndbuf

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

so_reuseport

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

ip_transparent

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

ip_freebind

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

rrset_cache_size

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

rrset_cache_slabs

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

cache_max_ttl

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

cache_max_negative_ttl

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

cache_min_ttl

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

infra_host_ttl

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

infra_cache_numhosts

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

infra_cache_slabs

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

infra_cache_min_rtt

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

define_tag

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

do_ip4

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

do_ip6

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

prefer_ip6

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

do_udp

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

do_tcp

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

tcp_mss

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

tls_cert_bundle

Data type: Optional[Stdlib::Absolutepath]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

tls_upstream

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

outgoing_tcp_mss

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

tcp_idle_timeout

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

edns_tcp_keepalive

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

edns_tcp_keepalive_timeout

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

tcp_upstream

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

udp_upstream_without_downstream

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

ssl_upstream

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

ssl_service_key

Data type: Optional[Stdlib::Absolutepath]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ssl_service_pem

Data type: Optional[Stdlib::Absolutepath]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ssl_port

Data type: Optional[Integer[0,65535]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

tls_ciphers

Data type: Optional[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

tls_ciphersuites

Data type: Optional[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

use_systemd

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

do_daemonize

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

access_control

Data type: Hash[String[1], Unbound::Access_control]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

chroot

Data type: Optional[Unbound::Chroot]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

logfile

Data type: Optional[Stdlib::Absolutepath]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

log_identity

Data type: Optional[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

log_time_ascii

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

log_queries

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

log_replies

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

log_tag_queryreply

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

log_local_actions

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

log_servfail

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

pidfile

Data type: Stdlib::Absolutepath

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: '/var/run/unbound/unbound.pid'

hide_identity

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

identity

Data type: Optional[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

hide_version

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

version

Data type: Optional[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

hide_trustanchor

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

target_fetch_policy

Data type: Array[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

harden_short_bufsize

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

harden_large_queries

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

harden_glue

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

harden_dnssec_stripped

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

harden_below_nxdomain

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

harden_referral_path

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

harden_algo_downgrade

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

use_caps_for_id

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

caps_whitlist

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

qname_minimisation

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

qname_minimisation_strict

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

private_address

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

private_domain

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

unwanted_reply_threshold

Data type: Integer[0]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 10000000

do_not_query_address

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

do_not_query_localhost

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

prefetch

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

prefetch_key

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

deny_any

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

rrset_roundrobin

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

minimal_responses

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

disable_dnssec_lame_check

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

trust_anchor_file

Data type: Optional[Stdlib::Absolutepath]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

trust_anchor

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

trust_anchor_signaling

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

domain_insecure

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

val_sig_skew_min

Data type: Optional[Integer[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

val_sig_skew_max

Data type: Optional[Integer[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

val_bogus_ttl

Data type: Optional[Integer[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

val_clean_additional

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

val_log_level

Data type: Optional[Integer[0,2]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

val_permissive_mode

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

ignore_cd_flag

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

serve_expired

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

serve_expired_ttl

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

serve_expired_ttl_reset

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

serve_expired_reply_ttl

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

serve_expired_client_timeout

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

val_nsec3_keysize_iterations

Data type: Array[Integer[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

add_holddown

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

del_holddown

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

keep_missing

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

permit_small_holddown

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

key_cache_size

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

key_cache_slabs

Data type: Optional[Integer]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

neg_cache_size

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

unblock_lan_zones

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

insecure_lan_zones

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

local_zone

Data type: Unbound::Local_zone

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

local_data

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

local_data_ptr

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

local_zone_tag

Data type: Hash[String[1], Array[String[1]]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

local_zone_override

Data type: Hash[String[1], Unbound::Local_zone_override]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

ratelimit

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ratelimit_size

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ratelimit_slabs

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ratelimit_factor

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ratelimit_for_domain

Data type: Hash[String[1], Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

ratelimit_below_domain

Data type: Hash[String[1], Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

ip_ratelimit

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ip_ratelimit_size

Data type: Optional[Unbound::Size]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ip_ratelimit_slabs

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ip_ratelimit_factor

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

fast_server_permil

Data type: Optional[Integer[0,1000]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

fast_server_num

Data type: Optional[Integer[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

forward

Data type: Hash

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

stub

Data type: Hash

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

record

Data type: Hash

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

access

Data type: Array

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: ['::1', '127.0.0.1']

confdir

Data type: String[1]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: '/etc/unbound'

directory

Data type: Stdlib::Absolutepath

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: $confdir

conf_d

Data type: String[1]

A directory often included in the unbound.conf config

Default value: "${confdir}/conf.d"

config_file

Data type: String[1]

The location of the main config file

Default value: "${confdir}/unbound.conf"

control_enable

Data type: Boolean

enable nsd-control

Default value: false

control_setup_path

Data type: String[1]

the path to nsd-control-setup

Default value: '/usr/sbin/unbound-control-setup'

control_path

Data type: String[1]

the path to nsd-control

Default value: '/usr/sbin/unbound-control'

fetch_client

Data type: String[1]

client used to fetch files e.g. curl

Default value: 'wget -O'

group

Data type: String[1]

the group to use for files

Default value: 'unbound'

keys_d

Data type: String[1]

the directory to store keys

Default value: "${confdir}/keys.d"

trusted_keys_file

Data type: Stdlib::Absolutepath

the directory for trusted keys

Default value: "${keys_d}/*.key"

module_config

Data type: Array[Unbound::Module]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

owner

Data type: String[1]

the owner to use for files

Default value: 'unbound'

username

Data type: String[1]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: $owner

package_name

Data type: Variant[String,Array]

The package(s) to install to get unbound

Default value: 'unbound'

package_ensure

Data type: String[1]

the ensure value for the packages

Default value: 'installed'

purge_unbound_conf_d

Data type: Boolean

if true all unmanaged files in $unbound_conf_d will be purged

Default value: false

root_hints_url

Data type: String[1]

the url to download the root hints file

Default value: 'https://www.internic.net/domain/named.root'

runtime_dir

Data type: Stdlib::Absolutepath

the runtime directory used

Default value: $confdir

auto_trust_anchor_file

Data type: Stdlib::Absolutepath

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: "${runtime_dir}/root.key"

anchor_fetch_command

Data type: String[1]

the command to use to fetch the root anchor

Default value: "unbound-anchor -a ${auto_trust_anchor_file}"

service_name

Data type: String[1]

the name of the managed service

Default value: 'unbound'

service_hasstatus

Data type: Boolean

Indicate if the service supports the status parameter

Default value: true

service_ensure

Data type: Enum['running', 'stopped']

the ensure parameter for the managed service

Default value: 'running'

service_enable

Data type: Boolean

the enable parameter for the managed service

Default value: true

validate_cmd

Data type: String[1]

the validate_cmd to use to check the config

Default value: '/usr/sbin/unbound-checkconf %'

restart_cmd

Data type: String[1]

The restart command to use when reload is not enough

Default value: "/bin/systemctl restart ${service_name}"

force_restart

Data type: Boolean

Always force a service reload

Default value: false

custom_server_conf

Data type: Array[String[1]]

Add some custom config to $configfile

Default value: []

skip_roothints_download

Data type: Boolean

don't download the root hints file

Default value: false

python_script

Data type: Optional[Stdlib::Absolutepath]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

dns64_prefix

Data type: String[1]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: '64:ff9b::/96'

dns64_synthall

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

send_client_subnet

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

client_subnet_zone

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

client_subnet_always_forward

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

max_client_subnet_ipv4

Data type: Integer[0,32]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 24

max_client_subnet_ipv6

Data type: Integer[0,128]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 56

min_client_subnet_ipv4

Data type: Optional[Integer[0,32]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

min_client_subnet_ipv6

Data type: Optional[Integer[0,128]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

max_ecs_tree_size_ipv4

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

max_ecs_tree_size_ipv6

Data type: Optional[Integer[0]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ipsecmod_enabled

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: true

ipsecmod_hook

Data type: Optional[Stdlib::Absolutepath]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

ipsecmod_strict

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

ipsecmod_max_ttl

Data type: Integer[1]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 3600

ipsecmod_ignore_bogus

Data type: Boolean

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: false

ipsecmod_whitelist

Data type: Array[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: []

backend

Data type: Optional[String[1]]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: undef

secret_seed

Data type: String[1]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 'default'

redis_server_host

Data type: String[1]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: '127.0.0.1'

redis_server_port

Data type: Integer[1,65536]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 6379

redis_timeout

Data type: Integer[1]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: 100

unbound_conf_d

Data type: Stdlib::Absolutepath

similar to conf_d, will be merged with conf_d version in future

Default value: "${confdir}/unbound.conf.d"

hints_file

Data type: Unbound::Hints_file

the root hints file to use

Default value: "${confdir}/root.hints"

update_root_hints

Data type: Enum['absent','present','unmanaged']

If we should update the root hints file

Default value: fact('systemd') ? { true => 'present', default => 'unmanaged' }

hints_file_content

Data type: Optional[String[1]]

the contents of the root hints file

Default value: undef

rpzs

Data type: Hash[String[1], Unbound::Rpz]

see https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Default value: {}

unbound_version

Data type: Optional[String[1]]

the unbound_version to use; we can calculate it from the fact, but specifying it reduces the number of puppet runs

Default value: $facts['unbound_version']

unbound::remote

Configure remote control of the unbound daemon process

Parameters

The following parameters are available in the unbound::remote class:

enable

Data type: Boolean

The option is used to enable remote control, default is false. If turned off, the server does not listen for control.

Default value: $unbound::control_enable

interface

Data type: Array

Give IPv4 or IPv6 addresses to listen on for control commands. By default localhost (127.0.0.1 and ::1) is listened to.

Default value: ['::1', '127.0.0.1']

port

Data type: Integer

The port number to listen on for control commands, default is 8953. If you change this port number, and permissions have been dropped, a reload is not sufficient to open the port again, you must then restart.

Default value: 8953

server_key_file

Data type: String

Path to the server private key, by default unbound_server.key. This file is generated by the unbound-control-setup utility. This file is used by the unbound server, but not by unbound-control.

Default value: "${unbound::confdir}/unbound_server.key"

control_use_cert

Data type: Boolean

if we should use certs for the control channel

Default value: true

server_cert_file

Data type: String

Path to the server self signed certificate, by default unbound_server.pem. This file is generated by the unbound-control-setup utility. This file is used by the unbound server, and also by unbound-control.

Default value: "${unbound::confdir}/unbound_server.pem"

control_key_file

Data type: String

Path to the control client private key, by default unbound_control.key. This file is generated by the unbound-control-setup utility. This file is used by unbound-control.

Default value: "${$unbound::confdir}/unbound_control.key"

control_cert_file

Data type: String

Path to the control client certificate, by default unbound_control.pem. This certificate has to be signed with the server certificate. This file is generated by the unbound-control-setup utility. This file is used by unbound-control.

Default value: "${$unbound::confdir}/unbound_control.pem"

group

Data type: Any

Name of the group for unbound files and directory

Default value: $unbound::group

confdir

Data type: Any

Name of the directory where configuration files are stored

Default value: $unbound::confdir

config_file

Data type: Any

Name of the unbound config file

Default value: $unbound::config_file

control_setup_path

Data type: Any

the path to nsd-control-setup

Default value: $unbound::control_setup_path

Defined types

unbound::forward

Configures a zone for DNS forwarding

Parameters

The following parameters are available in the unbound::forward defined type:

zone

Data type: Any

the name of the zone.

Default value: $name

address

Data type: Array

IP address of server to forward queries to. Can be IPv4 or IPv6 (an array or a single value). To use a nondefault port for DNS communication append '@' with the port number.

Default value: []

host

Data type: Array

Hostname of server to forward queries to. Can be IPv4 or IPv6 (an array or a single value). To use a nondefault port for DNS communication append '@' with the port number.

Default value: []

forward_first

Data type: Pattern[/yes|no/]

If enabled, a query is attempted without the forward clause if it fails. The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is 'no'.

Default value: 'no'

forward_ssl_upstream

Data type: Pattern[/yes|no/]

If enabled, unbound will query the forward DNS server via TLS.

Default value: 'no'

forward_tls_upstream

Data type: Pattern[/yes|no/]

If enabled, unbound will query the forward DNS server via TLS.

Default value: 'no'

config_file

Data type: Any

name of configuration file

Default value: $unbound::config_file
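
An added example, not taken from the module's own documentation, that combines parameters documented above: a resolver bound to loopback that forwards every query over TLS and keeps the control channel on its certificate-protected defaults. The upstream address, its authentication name and the CA bundle path are constructed placeholders; the `#name` suffix is unbound's `forward-addr` syntax for the TLS authentication name.

```puppet
# Added example: values marked "constructed" are placeholders, not module defaults.
class { 'unbound':
  # Listen and answer on loopback only.
  interface              => ['127.0.0.1', '::1'],
  access                 => ['127.0.0.1', '::1'],

  # Do not disclose identity or version to clients (module defaults, stated explicitly).
  hide_identity          => true,
  hide_version           => true,

  # Hardening switches that already default to true in this module.
  harden_glue            => true,
  harden_dnssec_stripped => true,
  harden_below_nxdomain  => true,

  # Off by default: send only the labels each upstream needs.
  qname_minimisation     => true,

  # CA bundle used to verify the upstream's TLS certificate.
  # Constructed path; adjust for the distribution in use.
  tls_cert_bundle        => '/etc/ssl/certs/ca-certificates.crt',

  # unbound::remote takes its `enable` default from this value. Its own
  # defaults keep the listener on ::1 and 127.0.0.1, port 8953, with
  # control_use_cert => true.
  control_enable         => true,
}

# Forward the root zone, i.e. all queries, to a single TLS upstream.
unbound::forward { '.':
  # Constructed upstream: <ip>@<port>#<TLS authentication name>.
  address              => ['192.0.2.53@853#resolver.example.net'],
  # Keep 'no': with 'yes', a failed forward is retried without the forward
  # clause, so the query no longer goes to the TLS upstream.
  forward_first        => 'no',
  forward_tls_upstream => 'yes',
}
```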

unbound::localzone

The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved IP addresses for which the servers on the internet cannot provide correct answers.

Parameters

The following parameters are available in the unbound::localzone defined type:

zone

Data type: String

String. Zone name.

Default value: $name

type

Data type: Unbound::Local_zone_type

Custom type Unbound::Local_zone_type.

config_file

Data type: Any

name of configuration file.

Default value: $unbound::config_file

local_data

Data type: Array[Unbound::Resource_record_type]

Define local data which should be rendered into configuration file. Required value is an Array of the custom type Unbound::Resource_record_type. Default value: []. Example:

    unbound::localzone::local_data:
      - name: 'api.test.com'
        ttl: 15
        class: IN
        type: A
        data: '1.1.1.1'
      - name: 'backend.test.com'
        type: A
        data: '2.2.2.2'

Default value: []

template_name

Data type: String

Use a custom template.

Default value: 'unbound/local_zone.erb'

unbound::record

Create an unbound static DNS record override

Parameters

The following parameters are available in the unbound::record defined type:

content

Data type: Variant[Array[String[1]], String[1]]

The name of the record (IP address)

ttl

Data type: Any

The time to live for this record, defaults to '14400'

Default value: '14400'

type

Data type: Any

Type of the record

Default value: 'A'

reverse

Data type: Any

Reverse record or not, defaults to false

Default value: false

entry

Data type: Any

Name entry for the record (name)

Default value: $name

config_file

Data type: Any

name of configuration file

Default value: $unbound::config_file

unbound::stub

Create an unbound stub zone for caching upstream name resolvers

Parameters

The following parameters are available in the unbound::stub defined type:

address

Data type: Variant[Array[Unbound::Address], Unbound::Address]

IP address of the server to forward to. Can be IPv4 or IPv6 (and an array or a single value). To use a non-default port for DNS communication, append '@' with the port number.

nameservers

Data type: Array[Stdlib::Host]

Name of stub zone nameserver. Is itself resolved before it is used.

Default value: []

insecure

Data type: Variant[Boolean, Enum['true', 'false']]

Sets domain name to be insecure, DNSSEC chain of trust is ignored towards the domain name. So a trust anchor above the domain name can not make the domain secure with a DS record, such a DS record is then ignored. Also keys from DLV are ignored for the domain. Can be given multiple times to specify multiple domains that are treated as if unsigned. If you set trust anchors for the domain they override this setting (and the domain is secured). This can be useful if you want to make sure a trust anchor for external lookups does not affect an (unsigned) internal domain. A DS record externally can create validation failures for that internal domain.

Default value: false

no_cache

Data type: Variant[Boolean, Enum['true', 'false']]

don't cache

Default value: false

stub_first

Data type: Variant[Boolean, Enum['true', 'false']]

Controls 'stub-first' stub zone option. If true, a query that fails with the stub clause is attempted again without the stub clause.

Default value: false

type

Data type: Unbound::Local_zone_type

can be 'deny', 'refuse', 'static', 'transparent', 'typetransparent', 'redirect' or 'nodefault'.

Default value: 'transparent'

config_file

Data type: Optional[Stdlib::Unixpath]

Name of the unbound config file

Default value: undef

Data types

Unbound::Access_control

custom type for access control lists

Alias of

Struct[{
    action    => Optional[Enum['deny', 'refuse', 'allow', 'allow_setrd', 'allow_snoop', 'allow_cookie', 'deny_non_local', 'refuse_non_local']],
    tags      => Optional[Array[String]],
    rr_string => Optional[String],
    view      => Optional[String],
}]

Unbound::Address

Patterns copied from Stdlib::IP

Alias of

Variant[Stdlib::IP::Address::Nosubnet, Pattern[
    /\A([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}@\d{1,5}\z/,
    /\A[[:xdigit:]]{1,4}(:[[:xdigit:]]{1,4}){7}(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){6}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){4}(:[[:xdigit:]]{1,4}){0,1}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){3}(:[[:xdigit:]]{1,4}){0,2}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){2}(:[[:xdigit:]]{1,4}){0,3}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){1}(:[[:xdigit:]]{1,4}){0,4}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A:(:[[:xdigit:]]{1,4}){0,5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A:(:|(:[[:xdigit:]]{1,4}){1,7})(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){1}(:|(:[[:xdigit:]]{1,4}){1,6})(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){2}(:|(:[[:xdigit:]]{1,4}){1,5})(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){3}(:|(:[[:xdigit:]]{1,4}){1,4})(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){4}(:|(:[[:xdigit:]]{1,4}){1,3})(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){5}(:|(:[[:xdigit:]]{1,4}){1,2})(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){6}(:|(:[[:xdigit:]]{1,4}){1,1})(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
    /\A([[:xdigit:]]{1,4}:){7}:(\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?@\d{1,5}\z/,
  ]]
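
The `@port` suffix in these patterns is `\d{1,5}`, which admits values up to 99999, and the IPv6 patterns keep the optional `/prefix` group inherited from Stdlib::IP. The Ruby check below is an added example, not code from the module: `parse_forward_address`, `check_all` and the sample values are hypothetical, and the 1 to 65535 port range and the default port 53 are assumptions of the example.

```ruby
require 'ipaddr'

# IPv4 "address@port" pattern copied verbatim from Unbound::Address on this page.
PAGE_IPV4_AT_PORT = /\A([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}@\d{1,5}\z/

# Constructed sample values (documentation address ranges only).
SAMPLE_ADDRESSES = [
  '192.0.2.53',          # bare IPv4, default port
  '192.0.2.53@853',      # IPv4 with explicit port
  '192.0.2.53@99999',    # passes the page's regex, but is not a valid port
  '2001:db8::1@53',      # IPv6 with explicit port
  '2001:db8::1/64@53'    # prefix length is meaningless for a single server
].freeze

# Hypothetical helper: split "addr[@port]" and apply the checks a regex
# cannot express (numeric port range, no prefix length on a host address).
def parse_forward_address(value, default_port: 53)
  addr, sep, port = value.partition('@')
  raise ArgumentError, "prefix length not allowed: #{value}" if addr.include?('/')

  ip = IPAddr.new(addr) # raises IPAddr::InvalidAddressError (an ArgumentError)
  port_num = sep.empty? ? default_port : Integer(port, 10)
  raise ArgumentError, "port out of range: #{port_num}" unless (1..65_535).cover?(port_num)

  { address: ip.to_s, family: ip.ipv4? ? :ipv4 : :ipv6, port: port_num }
end

# Map every candidate value to :ok or to the reason it was rejected.
def check_all(values)
  values.to_h do |v|
    parse_forward_address(v)
    [v, :ok]
  rescue ArgumentError => e
    [v, e.message]
  end
end

if $PROGRAM_NAME == __FILE__
  check_all(SAMPLE_ADDRESSES).each { |value, result| puts "#{value.ljust(20)} #{result}" }
end
```

A check like this fits a pre-commit or CI step over Hiera data, so a mistyped port is caught before the catalog is applied.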

Unbound::Chroot

custom type for the chroot directory; allows an empty string

Alias of Variant[Enum[''], Stdlib::Absolutepath]

Unbound::Hints_file

custom type for hints file

Alias of Variant[Enum['builtin'], Stdlib::Absolutepath]

Unbound::Local_zone

custom enum type for local-zone types

Alias of Hash[String, Unbound::Local_zone_type]

Unbound::Local_zone_override

custom type for local zone overrides

Alias of

Struct[{
    netblock => String,
    type     => Unbound::Local_zone_type
}]

Unbound::Local_zone_type

custom enum type for local-zone types

Alias of Enum['deny', 'refuse', 'static', 'transparent', 'redirect', 'nodefault', 'typetransparent', 'inform', 'inform_deny', 'inform_redirect', 'always_transparent', 'block_a', 'always_refuse', 'always_nxdomain', 'always_null', 'noview', 'nodefault']

Unbound::Module

list of valid modules

Alias of Enum['validator', 'iterator', 'python', 'dns64', 'subnetcache', 'ipsecmod', 'cachedb', 'respip']

Unbound::Range

custom type for ranges

Alias of Pattern[/\d+(-\d+)?/]

Unbound::Resource_record_type

custom type for resource record used for local-data

Alias of

Struct[{
    'name'      => String,
    'ttl'       => Optional[Integer],
    'class'     => Optional[String],
    'type'      => String,
    'data'      => String,
}]

Unbound::Rpz

Type used to validate RPZ configuration

Alias of

Struct[{
    primary             => Optional[Array[Stdlib::Host]],
    master              => Optional[Array[Stdlib::Host]],
    url                 => Optional[Array[Stdlib::HTTPUrl]],
    allow_notify        => Optional[Array[Stdlib::Host]],
    zonefile            => Optional[Stdlib::Unixpath],
    rpz_action_override => Optional[Unbound::Rpz::Action],
    rpz_cname_override  => Optional[Stdlib::Fqdn],
    rpz_log             => Optional[Boolean],
    rpz_log_name        => Optional[String],
    tags                => Optional[Array[String]],
}]

Parameters

The following parameters are available in the Unbound::Rpz data type:

primary

the primary name server

master

another name for the primary name server

url

URL from which to download the RPZ zone

allow_notify

list of hosts allowed to notify

zonefile

path to zonefile

rpz_action_override

Always use this RPZ action for matching triggers from this zone. Possible actions are: nxdomain, nodata, passthru, drop, disabled and cname.

rpz_cname_override

The CNAME target domain to use if the cname action is configured for rpz-action-override.

rpz_log

Log all applied RPZ actions for this RPZ zone

rpz_log_name

Specify a string to be part of the log line, for easy referencing.

tags

Limit the policies from this RPZ clause to clients with a matching tag

Unbound::Rpz::Action

list of valid rpz actions

Alias of Enum['nxdomain', 'nodata', 'passthru', 'drop', 'disabled', 'cname']

Unbound::Size

custom type for size

Alias of Pattern[/\d+([kmg])?/]
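
Unlike the `\A...\z` patterns in Unbound::Address, the patterns for Unbound::Range, Unbound::Size and the `yes|no` parameters are unanchored, and Puppet's Pattern type accepts a string when the regex matches anywhere in it. The Ruby comparison below is an added example, not code from the module: the anchored variants, the `loosely_accepted` helper and the sample values are assumptions of the example.

```ruby
# Patterns copied from this page. Puppet's Pattern type uses Ruby regex
# semantics, so an unanchored regex matches any string that contains a hit.
PAGE_PATTERNS = {
  'yes_no' => /yes|no/,        # forward_first, forward_tls_upstream, ...
  'range'  => /\d+(-\d+)?/,    # Unbound::Range
  'size'   => /\d+([kmg])?/    # Unbound::Size
}.freeze

# Anchored variants (an assumption of this example, not the module's types).
# \A and \z bind to the whole string; ^ and $ would still pass multi-line input.
ANCHORED_PATTERNS = {
  'yes_no' => /\A(yes|no)\z/,
  'range'  => /\A\d+(-\d+)?\z/,
  'size'   => /\A\d+[kmg]?\z/
}.freeze

# Constructed sample values, one list per pattern.
PATTERN_SAMPLES = {
  'yes_no' => ['yes', 'no', 'unknown', 'maybe'],
  'range'  => ['1024-65535', '10-', 'port 53'],
  'size'   => ['4m', '4mb', "8k\n16k", 'k']
}.freeze

# Return [kind, value] pairs that the page's pattern accepts but the
# anchored variant rejects, i.e. values that slip through type validation.
def loosely_accepted(samples = PATTERN_SAMPLES)
  samples.flat_map do |kind, values|
    values.select { |v| PAGE_PATTERNS[kind].match?(v) && !ANCHORED_PATTERNS[kind].match?(v) }
          .map { |v| [kind, v] }
  end
end

if $PROGRAM_NAME == __FILE__
  loosely_accepted.each { |kind, value| puts "#{kind}: #{value.inspect} passes the unanchored pattern" }
end
```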