Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/coredns/unbound

CoreDNS plugin that performs recursive queries using libunbound
https://github.com/coredns/unbound

Last synced: 26 days ago
JSON representation

CoreDNS plugin that performs recursive queries using libunbound

Host: GitHub
URL: https://github.com/coredns/unbound
Owner: coredns
License: apache-2.0
Created: 2018-01-24T16:45:42.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2022-02-23T14:45:40.000Z (almost 3 years ago)
Last Synced: 2024-04-17T18:05:15.236Z (8 months ago)
Language: Go
Homepage:
Size: 43.9 KB
Stars: 36
Watchers: 9
Forks: 21
Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-coredns - unbound - CoreDNS plugin that performs recursive queries using libunbound (External Plguins)

README

        # unbound

## Name

*unbound* - perform recursive queries using libunbound.

## Description

Via *unbound* you can perform recursive queries. Unbound uses DNSSEC by default when resolving *and*

it returns those records (DNSKEY, RRSIG, NSEC and NSEC3) back to the clients. The *unbound* plugin

will remove those records when a client didn't ask for it. The internal (RR) answer cache of Unbound

is disabled, so you may want to use the *cache* plugin.

Libunbound can be configured via (a subset of) options, currently the following are set, by default:

* `msg-cache-size`, set to 0

* `rrset-cache-size`, set to 0

This plugin can only be used once per Server Block.

## Syntax

~~~

unbound [FROM]

~~~

* **FROM** is the base domain to match for the request to be resolved. If not specified the zones

  from the server block are used.

More features utilized with an expanded syntax:

~~~

unbound [FROM] {

    except IGNORED_NAMES...

    option NAME VALUE

    config FILENAME

}

~~~

* **FROM** as above.

* **IGNORED_NAMES** in `except` is a space-separated list of domains to exclude from resolving.

* `option` allows setting *some* unbound options (see unbound.conf(5)), this can be specified multiple

  times.

* `config` allows one to supply an `unbound.conf` file to configure unbound.

  _Note:_ The unbound configuration file still needs to be populated inside a

  docker container.

## Metrics

If monitoring is enabled (via the *prometheus* directive) then the following metric is exported:

* `coredns_unbound_request_duration_seconds{server}` - duration per query.

* `coredns_unbound_response_rcode_count_total{server, rcode}` - count of RCODEs.

The `server` label indicates which server handled the request, see the *metrics* plugin for details.

## Examples

Resolve queries for all domains:

~~~ corefile

. {

    unbound

}

~~~

Resolve all queries within example.org.

~~~ corefile

. {

    unbound example.org

}

~~~

or

~~~ corefile

example.org {

    unbound

}

~~~

Resolve everything except queries for example.org (or below):

~~~ corefile

. {

    unbound {

        except example.org

    }

}

~~~

Enable [DNS Query Name Minimisation](https://tools.ietf.org/html/rfc7816) by setting the option:

~~~ corefile

. {

    unbound {

        option qname-minimisation yes

    }

}

~~~

## Compiling into CoreDNS

To compile this with CoreDNS you can follow the normal procedure for external plugins, except that

you need to compile it with cgo. This means setting `CGO_ENABLED=1` when running `go build`.

## Bugs

The *unbound* plugin depends on libunbound(3) which is C library, to compile this you have

a dependency on C and cgo. You can't compile CoreDNS completely static. For compilation you

also need the libunbound source code installed (`libunbound-dev` on Debian).

DNSSEC *validation* is not supported (yet). There is also no (documented) way of configuration

a trust anchor.

## See Also

See  for information on Unbound and unbound.conf(5). See

 for the (cgo) Go wrapper for libunbound.