cdist-type__unbound(7) ======================= NAME ---- cdist-type__unbound - configure an instance of unbound, a DNS validating resolver. DESCRIPTION ----------- This type writes the configuration and OpenRC init scripts to run an instance of unbound. The most commonly used options for unbound are configurable through flags. Note that this type is currently only implemented (and tested) on Alpine Linux. Please contribute other implementations if you can. OPTIONAL PARAMETERS ------------------- verbosity Control the `unbound.conf(5)` verbosity parameter. port Control the `unbound.conf(5)` port parameter. control-port Control the `unbound.conf(5)` control-port parameter. dns64-prefix Control the `unbound.conf(5)` dns64-prefix parameter. OPTIONAL MULTIPLE PARAMETERS ---------------------------- interface Control the `unbound.conf(5)` interface parameter. Can be given multiple times, will generate multiple `interface: xxx` clauses. access-control Control the `unbound.conf(5)` access-control parameter. Can be given multiple times, will generate multiple `access-control` clauses. The format is an IP block followed by an access-control keyword. control-interface Control the `unbound.conf(5)` control-interface parameter. Can be given mutltiple times, will generate multiple `control-interface` clauses. Note that without the `enable-rc` boolean flags, remote control will not be enabled. Note that if at least one control interfaces is not a local socket, then you should enable the `control-use-certs` boolean flag to generate and configure TLS certificates for use between `unbound(8)` and `unbound-control(8)` forward-zone Define a forward zone. Each zone is comprised of a name, which defines for what domains this zone applies, and at least one DNS server to which the queries should be forwarded. The format is a comma-separated list of values where the first element is the name of the zone, and the following elements are the IP addresses of the DNS servers; e.g. `example.com,1.2.3.4,4.3.2.1` local-data Control the `unbound.conf(5)` local-data parameter. Note that no local-zone is defined, so the unbound default is to treat this data as a transparent local zone. BOOLEAN PARAMETERS ------------------ ip-transparent Control the `unbound.conf(5)` ip-transparent parameter. dns64 Enables the addition of the DNS64 module. enable-rc Enable remote control. control-use-certs Enable the generation using `unbound-control-setup(8)` of TLS certificates for the interaction between `unbound(8)` and `unbound-control(8)`, as well as their inclusion in the configuration file. disable-ip4 Disable answering queries over IPv4. disable-ip6 Disable answering queries over IPv6. EXAMPLES -------- .. code-block:: sh # Setup two resolvers, one with dns64, the other without. __unbound unbound \ --dns64 \ --ip-transparent \ --interface "$address" \ --access-control "$address/64 allow" \ --enable-rc \ --control-interface "/var/run/unbound_control.sock" __unbound unbound6only \ --ip-transparent \ --interface "$addresstwo" \ --access-control "$addresstwo/64 allow" \ --forward-zone "example.com,1.1.1.1,2.2.2.2" SEE ALSO -------- `unbound(8)` `unbound.conf(5)` `unbound-control(8)` AUTHORS ------- Joachim Desroches COPYING ------- Copyright \(C) 2021 Joachim Desroches. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.