Add DNS resolver forwarding support to Unbound
This patch adds support for DNS resolver forwarding to the Unbound. This allows the configuration of "upstream" DNS resolvers that TripleO Unbound will query if it doesn't have a local answer to a query. If forwarders are not defined, Unbound will perform a standard recursive DNS resolution. Change-Id: Id4fbde599acd4637a7422428190385d83fa44e23
This commit is contained in:
parent
991ec2f68c
commit
6d65b784a8
@ -70,6 +70,25 @@ parameters:
|
||||
the deployment will create additonal IPs using the external
|
||||
network.
|
||||
type: comma_delimited_list
|
||||
UnboundForwardResolvers:
|
||||
default: []
|
||||
description: A list of DNS resolver IP addresses, with optional port,
|
||||
that Unbound will forward resolution requests to if Unbound
|
||||
does not have the answer.
|
||||
Example, ['192.0.2.10', '192.0.2.20@53']
|
||||
type: comma_delimited_list
|
||||
UnboundForwardFallback:
|
||||
default: true
|
||||
description: When true, if the forwarded query receives a SERVFAIL,
|
||||
Unbound will process the request as a standard recursive
|
||||
resolution.
|
||||
type: boolean
|
||||
UnboundAllowRecursion:
|
||||
default: true
|
||||
description: When false, Unbound will not attempt to recursively resolve
|
||||
the request. It will only answer for queries using local
|
||||
information.
|
||||
type: boolean
|
||||
|
||||
|
||||
conditions:
|
||||
@ -237,3 +256,6 @@ outputs:
|
||||
tripleo_unbound_security_harden: {get_param: UnboundSecurityHarden}
|
||||
tripleo_unbound_designate_integration: {get_param: UnboundDesignateIntegration}
|
||||
tripleo_unbound_bind_network: {if: ["public_net_is_ctlplane", "ctlplane", {get_param: [ServiceNetMap, UnboundNetwork]}]}
|
||||
tripleo_unbound_forward_resolvers: {get_param: UnboundForwardResolvers}
|
||||
tripleo_unbound_forward_fallback: {get_param: UnboundForwardFallback}
|
||||
tripleo_unbound_allow_recursion: {get_param: UnboundAllowRecursion}
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Added support for Unbound to forward DNS resolution requests to other
|
||||
DNS resolvers (DNS resolver forwarding).
|
Loading…
Reference in New Issue
Block a user