Add DNS resolver forwarding support to Unbound

This patch adds support for DNS resolver forwarding to the Unbound. This allows the configuration of "upstream" DNS resolvers that TripleO Unbound will query if it doesn't have a local answer to a query. If forwarders are not defined, Unbound will perform a standard recursive DNS resolution. Change-Id: Id4fbde599acd4637a7422428190385d83fa44e23 (cherry picked from commit 6d65b784a8)
2021-02-04 23:47:05 +00:00 · 2021-02-04 23:47:05 +00:00 · c4b7f6a5b8
parent 6f1aed5c7d
commit c4b7f6a5b8
2 changed files with 27 additions and 0 deletions
--- a/deployment/unbound/unbound-container-ansible.yaml
+++ b/deployment/unbound/unbound-container-ansible.yaml
@ -67,6 +67,25 @@ parameters:
                 the deployment will create additonal IPs using the external
                 network.
    type: comma_delimited_list
+  UnboundForwardResolvers:
+    default: []
+    description: A list of DNS resolver IP addresses, with optional port,
+                 that Unbound will forward resolution requests to if Unbound
+                 does not have the answer.
+                 Example, ['192.0.2.10', '192.0.2.20@53']
+    type: comma_delimited_list
+  UnboundForwardFallback:
+    default: true
+    description: When true, if the forwarded query receives a SERVFAIL,
+                 Unbound will process the request as a standard recursive
+                 resolution.
+    type: boolean
+  UnboundAllowRecursion:
+    default: true
+    description: When false, Unbound will not attempt to recursively resolve
+                 the request. It will only answer for queries using local
+                 information.
+    type: boolean


 conditions:
@ -222,3 +241,6 @@ outputs:
            tripleo_unbound_security_harden: {get_param: UnboundSecurityHarden}
            tripleo_unbound_designate_integration: {get_param: UnboundDesignateIntegration}
            tripleo_unbound_bind_network: {if: ["public_net_is_ctlplane", "ctlplane", {get_param: [ServiceNetMap, UnboundNetwork]}]}
+            tripleo_unbound_forward_resolvers: {get_param: UnboundForwardResolvers}
+            tripleo_unbound_forward_fallback: {get_param: UnboundForwardFallback}
+            tripleo_unbound_allow_recursion: {get_param: UnboundAllowRecursion}
--- a/releasenotes/notes/Add-Unbound-forwarder-support-8f29e47d4275a798.yaml
+++ b/releasenotes/notes/Add-Unbound-forwarder-support-8f29e47d4275a798.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Added support for Unbound to forward DNS resolution requests to other
+    DNS resolvers (DNS resolver forwarding).