{"id":15022790,"url":"https://github.com/voxpupuli/puppet-unbound","last_synced_at":"2025-05-16T06:07:50.036Z","repository":{"id":1889867,"uuid":"2815878","full_name":"voxpupuli/puppet-unbound","owner":"voxpupuli","description":"Puppet module for deploying the swiss-army of DNS, Unbound","archived":false,"fork":false,"pushed_at":"2025-03-19T19:58:19.000Z","size":682,"stargazers_count":28,"open_issues_count":5,"forks_count":72,"subscribers_count":42,"default_branch":"master","last_synced_at":"2025-05-08T16:02:30.410Z","etag":null,"topics":["archlinux-puppet-module","bsd-puppet-module","centos-puppet-module","debian-puppet-module","freebsd-puppet-module","hacktoberfest","linux-puppet-module","openbsd-puppet-module","oraclelinux-puppet-module","puppet","redhat-puppet-module","scientific-puppet-module","ubuntu-puppet-module"],"latest_commit_sha":null,"homepage":"https://forge.puppet.com/puppet/unbound","language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"danielebogo/PSUpdateApp","license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voxpupuli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"vox-pupuli","github":"voxpupuli"}},"created_at":"2011-11-20T21:39:23.000Z","updated_at":"2025-03-19T19:58:22.000Z","dependencies_parsed_at":"2023-12-19T12:34:26.065Z","dependency_job_id":"c2e0a60d-94e6-46be-a78a-c59922059efc","html_url":"https://github.com/voxpupuli/puppet-unbound","commit_stats":{"total_commits":469,"total_committers":73,"mean_commits":6.424657534246576,"dds":0.8230277185501066,"last_synced_commit":"56b192cd9ed426f95cadd2192ba17ca46b154bda"},"previous_names":["xaque208/puppet-unbound"],"tags_count":52,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-unbound","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-unbound/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-unbound/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-unbound/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voxpupuli","download_url":"https://codeload.github.com/voxpupuli/puppet-unbound/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253858687,"owners_count":21974976,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["archlinux-puppet-module","bsd-puppet-module","centos-puppet-module","debian-puppet-module","freebsd-puppet-module","hacktoberfest","linux-puppet-module","openbsd-puppet-module","oraclelinux-puppet-module","puppet","redhat-puppet-module","scientific-puppet-module","ubuntu-puppet-module"],"created_at":"2024-09-24T19:58:22.972Z","updated_at":"2025-05-16T06:07:48.396Z","avatar_url":"https://github.com/voxpupuli.png","language":"Puppet","funding_links":["https://opencollective.com/vox-pupuli","https://github.com/sponsors/voxpupuli"],"categories":[],"sub_categories":[],"readme":"# Puppet powered DNS with Unbound\n\n[![Build Status](https://github.com/voxpupuli/puppet-unbound/workflows/CI/badge.svg)](https://github.com/voxpupuli/puppet-unbound/actions?query=workflow%3ACI)\n[![Release](https://github.com/voxpupuli/puppet-unbound/actions/workflows/release.yml/badge.svg)](https://github.com/voxpupuli/puppet-unbound/actions/workflows/release.yml)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/unbound.svg)](https://forge.puppetlabs.com/puppet/unbound)\n[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/unbound.svg)](https://forge.puppetlabs.com/puppet/unbound)\n[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/unbound.svg)](https://forge.puppetlabs.com/puppet/unbound)\n[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/unbound.svg)](https://forge.puppetlabs.com/puppet/unbound)\n[![puppetmodule.info docs](http://www.puppetmodule.info/images/badge.png)](http://www.puppetmodule.info/m/puppet-unbound)\n[![Apache-2.0 License](https://img.shields.io/github/license/voxpupuli/puppet-unbound.svg)](LICENSE)\n\nA puppet module for the Unbound caching resolver.\n\n## Supported Platforms\n\n* Debian\n* FreeBSD\n* OpenBSD\n* OS X (macports)\n* RHEL clones (with EPEL)\n* openSUSE (local repo or obs://server:dns)\n* Archlinux\n\nFor an up2date list of supported operating systems and their versions, please\ncheck the metadata.json.\n\n## Requirements\n\nTo use this module requires at least unbound 1.6.6.  Please also consult\nmetadata.json to understand the minimum puppet version and any other module\ndependencies.\n\n## Usage\n\n### Server Setup\n\nAt minimum you should setup the interfaces to listen on and allow access to a\nfew subnets.  This will tell unbound which interfaces to listen on, and which\nnetworks to allow queries from.\n\n```puppet\nclass { \"unbound\":\n  interface =\u003e [\"::0\",\"0.0.0.0\"],\n  access    =\u003e [\"10.0.0.0/20\",\"::1\"],\n}\n```\n\nOr, using hiera\n\n```yaml\nunbound::interface:\n  - '::0'\n  - '0.0.0.0'\nunbound::access:\n  - '10.0.0.0/20'\n  - '::1'\n```\n\n### Stub Zones\n\nThese are zones for which you have an authoritative name server and want to\ndirect queries.\n\n```puppet\nunbound::stub { \"lan.example.com\":\n  address  =\u003e '10.0.0.10',\n  insecure =\u003e true,\n}\n\nunbound::stub { \"0.0.10.in-addr.arpa.\":\n  address  =\u003e '10.0.0.10',\n  insecure =\u003e true,\n}\n\n# port can be specified\nunbound::stub { \"0.0.10.in-addr.arpa.\":\n  address  =\u003e '10.0.0.10@10053',\n  insecure =\u003e true,\n}\n\n# address can be an array along with nameservers.\n# in the following case, generated conf would be as follows:\n#\n#   stub-addr: 10.0.0.53\n#   stub-addr: 10.0.0.10@10053\n#   stub-host: ns1.example.com\n#   stub-host: ns2.example.com\n#\n# note that conf will be generated in the same order provided.\nunbound::stub { \"10.0.10.in-addr.arpa.\":\n  address    =\u003e [ '10.0.0.53', '10.0.0.10@10053'],\n  nameservers =\u003e [ 'ns1.example.com', 'ns2.example.com' ],\n}\n```\n\nOr, using hiera\n\n```yaml\nunbound::stub:\n  '10.0.10.in-addr.arpa.':\n    address:\n      - '10.0.0.53\n      - '10.0.0.10@10053'\n    nameserveres:\n      - 'ns1.example.com'\n      - 'ns2.example.com'\n```\n\nUnless you have DNSSEC for your private zones, they are considered insecure,\nnoted by `insecure =\u003e true`.\n\n### Static DNS records\n\nFor overriding DNS record in zone.\n\n```puppet\nunbound::record { 'test.example.tld':\n    type    =\u003e 'A',\n    content =\u003e '10.0.0.1',\n    ttl     =\u003e '14400',\n}\n```\n\nOr, using hiera\n\n```yaml\nunbound::record:\n  'test.example.tld':\n    type: 'A'\n    content: '10.0.0.1'\n    ttl: '14400'\n```\n\n### Forward Zones\n\nSetup a forward zone with a list of address from which you should resolve\nqueries.  You can configure a forward zone with something like the following:\n\n```puppet\nunbound::forward { '.':\n  address =\u003e [\n    '8.8.8.8',\n    '8.8.4.4'\n    ]\n}\n```\n\nOr, using hiera\n\n```yaml\nunbound::forward:\n  '.':\n    address:\n      - '8.8.8.8'\n      - '8.8.4.4'\n```\n\nThis means that your server will use the Google DNS servers for any\nzones that it doesn't know how to reach and cache the result.\n\n### Domain Insecure\n\nSets  domain  name  to  be  insecure,  DNSSEC  chain of trust is\nignored towards the domain name.  So a trust  anchor  above  the\ndomain  name  can  not  make the domain secure with a DS record,\nsuch a DS record is  then  ignored.   Also  keys  from  DLV  are\nignored  for the domain.  Can be given multiple times to specify\nmultiple domains that are treated as if unsigned.   If  you  set\ntrust anchors for the domain they override this setting (and the\ndomain is secured).\n\n```puppet\nclass {'unbound:'\n  domain_insecure =\u003e ['example.com', example.org']\n}\n```\n\nOr, using hiera\n\n```yaml\nunbound::domain_insecure:\n- example.com\n- example.org\n```\n\n### Local Zones\n\nConfigure a local zone. The type determines the answer  to  give\nif  there  is  no  match  from  local-data.  The types are deny,\nrefuse, static, transparent, redirect, nodefault,  typetranspar-\nent,  inform,  inform\\_deny,  always\\_transparent,  always\\_refuse,\nalways\\_nxdomain.  See local-zone in the [unbound documentation](https://unbound.net/documentation/unbound.conf.html)\nfor more information.  You can configure a local-zone with something like the\nfollowing.\n\n```puppet\nclass {'unbound:'\n  local_zone =\u003e { '10.0.10.in-addr.arpa.' =\u003e 'nodefault'}\n}\n```\n\nOr, using unbound::localzone\n\n```puppet\nunbound::localzone { '10.0.10.in-addr.arpa.':\n  type =\u003e 'nodefault'\n}\n```\n\nOr, using hiera\n\n```yaml\nunbound::local_zone:\n  10.0.10.in-addr.arpa.: nodefault\n  11.0.10.in-addr.arpa.: nodefault\n```\n\n### Fine grain access-control\n\n```puppet\nclass { \"unbound\":\n  interface =\u003e [\"::0\",\"0.0.0.0\"],\n  access    =\u003e [\"10.0.0.0/20\", \"10.0.0.5/32 reject\", \"::1 allow_snoop\"],\n}\n```\n\nThe access option allows to pass the action for each subnets, if the action is\nnot provided we assume it’s 'allow'.\n\n### Adding arbitrary unbound configuration parameters\n\n```puppet\nclass { \"unbound\":\n  interface          =\u003e [\"::0\",\"0.0.0.0\"],\n  access             =\u003e [\"10.0.0.0/20\",\"::1\"],\n  custom_server_conf =\u003e [ 'include: \"/etc/unbound/conf.d/*.conf\"' ],\n}\n```\n\nThe _custom_server_conf_ option allows the addition of arbitrary configuration\nparameters to your server configuration. It expects an array, and each element\ngets added to the configuration file on a separate line. In the example above,\nwe instruct Unbound to load other configuration files from a subdirectory.\n\n### Remote Control\n\nThe Unbound remote controls the use of the unbound-control utility to issue\ncommands to the Unbound daemon process.\n\n```puppet\nclass { \"unbound::remote\":\n  enable =\u003e true,\n}\n```\n\nOn some platforms this is needed to function correctly for things like service\nreloads.\n\n### Skipping hints download\n\nIn the case you're only building a caching forwarder and don't do iterative\nlookups you might not want to download the hints file containing the root\nnameservers because you don't need it, or you also might not be able to\ndownload it anyway because your server is firewalled which would cause the\nmodule would hang on trying to download the hints file. To skip the download\nset the skip_roothints_download parameter to true.\n\n```puppet\nclass { \"unbound\":\n  skip_roothints_download =\u003e true,\n}\n```\n\n## More information\n\nYou can find more information about Unbound and its configuration items at\n[unbound.net](http://unbound.net).\n\n## Contribute\n\nPlease help me make this module awesome!  Send pull requests and file issues.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-unbound","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoxpupuli%2Fpuppet-unbound","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-unbound/lists"}