Add DNS resolver forwarding support to Unbound
This patch adds support for DNS resolver forwarding to the tripleo_unbound
role. This allows the configuration of "upstream" DNS resolvers that
TripleO Unbound will query if it doesn't have a local answer to a query.
If forwarders are not defined, Unbound will perform a standard recursive
DNS resolution.
Change-Id: I04d9b2d198f83882a8a4ca7ff4c196d06f8c9ee2
(cherry picked from commit 4f4cb587db
)
parent
772b827a69
commit
538791aa08
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Adds support for Unbound to forward DNS resolution requests to other
|
||||
DNS resolvers (DNS resolver forwarding).
|
@ -25,3 +25,6 @@ tripleo_unbound_config_basedir: "/var/lib/config-data/ansible-generated/unbound"
|
||||
tripleo_unbound_allowed_cidrs: []
|
||||
tripleo_unbound_log_queries: false
|
||||
tripleo_unbound_security_harden: true
|
||||
tripleo_unbound_forward_resolvers: []
|
||||
tripleo_unbound_allow_recursion: true
|
||||
tripleo_unbound_forward_fallback: true
|
||||
|
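Review bot: The three new defaults carry no comments, and `tripleo_unbound_forward_fallback: true` has a consequence operators should see here: the template in this commit turns it into `forward-first: yes`, which lets Unbound fall back to its own recursion when the forwarders fail. Where the forwarders are the resolvers that apply filtering or query logging, that fallback sends queries around them. I would add above it `# When true (and recursion is allowed), resolve directly if the forwarders fail; set to false to force every query through the forwarders.` A one-line comment each for `tripleo_unbound_forward_resolvers` (the list of upstream resolver addresses) and `tripleo_unbound_allow_recursion` would also help.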
@ -58,9 +58,21 @@
|
||||
setype: container_file_t
|
||||
register: _unbound_config_result
|
||||
|
||||
- name: Create the TripleO Unbound forwarders configuration file
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: tripleo-forwarder-unbound.conf.j2
|
||||
dest: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf"
|
||||
mode: '0640'
|
||||
selevel: s0
|
||||
setype: container_file_t
|
||||
when:
|
||||
- tripleo_unbound_forward_resolvers is defined and tripleo_unbound_forward_resolvers != ""
|
||||
register: _unbound_fwd_config_result
|
||||
|
||||
- name: Restart Unbound
|
||||
when:
|
||||
- _unbound_config_result.changed
|
||||
- _unbound_config_result.changed or _unbound_fwd_config_result.changed
|
||||
block:
|
||||
- name: check if tripleo_unbound systemd service is active
|
||||
become: true
|
||||
|
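Review bot: The `when` on the new template task compares `tripleo_unbound_forward_resolvers` with `""`, but the role default added in this commit is `[]`, so the condition holds with no forwarders configured and the file is still written. The template would then render a `forward-zone` for `"."` with no `forward-addr` lines, which does not match the description's "standard recursive DNS resolution"; how Unbound treats such a zone should be confirmed. A length test fits the list type: `- tripleo_unbound_forward_resolvers | default([]) | length > 0`. Nothing in the hunk removes an earlier `tripleo-forwarder-unbound.conf` once the list is emptied, so old forwarders would presumably stay in effect; a companion `ansible.builtin.file` task with `state: absent` under the inverse condition would cover that. The `Restart Unbound` block continues outside the hunk.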
@ -0,0 +1,25 @@
|
||||
# {{ ansible_managed }}
|
||||
{#
|
||||
This template is for the TripleO forwarder Unbound configuration file.
|
||||
|
||||
No service specific settings should be made in this file.
|
||||
|
||||
It will be placed in the /etc/unbound/conf.d directory and will override the
|
||||
configuration settings provided in the base Unbound package from the
|
||||
distribution.
|
||||
#}
|
||||
#
|
||||
# These settings are made by TripleO, do not modify directly.
|
||||
# The settings in this file will override the package provided settings.
|
||||
#
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
{% for forwarder in tripleo_unbound_forward_resolvers %}
|
||||
forward-addr: {{ forwarder }}
|
||||
{% endfor %}
|
||||
{% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %}
|
||||
forward-first: yes
|
||||
{% else %}
|
||||
forward-first: no
|
||||
{% endif %}
|
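Review bot: `forward-addr: {{ forwarder }}` copies each list entry into the Unbound configuration as-is, so a hostname, a typo, or a value carrying a space or line break becomes a broken or unintended directive that presumably only surfaces when Unbound is restarted. `forward-addr` takes IP addresses, so I would validate the list in the role before templating, for example with an `ansible.builtin.assert` task that rejects entries that are not addresses (allowing the optional `@port` suffix if the role means to support it). The header comment also says the file is placed in `/etc/unbound/conf.d`, while the task writes it under `tripleo_unbound_config_basedir`; if that directory is mounted into the container at that path, a word in the comment would make the link clear.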