diff --git a/deployment/unbound/unbound-container-ansible.yaml b/deployment/unbound/unbound-container-ansible.yaml index 5d12ed307b..a96c150a9d 100644 --- a/deployment/unbound/unbound-container-ansible.yaml +++ b/deployment/unbound/unbound-container-ansible.yaml @@ -67,6 +67,25 @@ parameters: the deployment will create additonal IPs using the external network. type: comma_delimited_list + UnboundForwardResolvers: + default: [] + description: A list of DNS resolver IP addresses, with optional port, + that Unbound will forward resolution requests to if Unbound + does not have the answer. + Example, ['192.0.2.10', '192.0.2.20@53'] + type: comma_delimited_list + UnboundForwardFallback: + default: true + description: When true, if the forwarded query receives a SERVFAIL, + Unbound will process the request as a standard recursive + resolution. + type: boolean + UnboundAllowRecursion: + default: true + description: When false, Unbound will not attempt to recursively resolve + the request. It will only answer for queries using local + information. + type: boolean conditions: @@ -222,3 +241,6 @@ outputs: tripleo_unbound_security_harden: {get_param: UnboundSecurityHarden} tripleo_unbound_designate_integration: {get_param: UnboundDesignateIntegration} tripleo_unbound_bind_network: {if: ["public_net_is_ctlplane", "ctlplane", {get_param: [ServiceNetMap, UnboundNetwork]}]} + tripleo_unbound_forward_resolvers: {get_param: UnboundForwardResolvers} + tripleo_unbound_forward_fallback: {get_param: UnboundForwardFallback} + tripleo_unbound_allow_recursion: {get_param: UnboundAllowRecursion} diff --git a/releasenotes/notes/Add-Unbound-forwarder-support-8f29e47d4275a798.yaml b/releasenotes/notes/Add-Unbound-forwarder-support-8f29e47d4275a798.yaml new file mode 100644 index 0000000000..3443f2b2a4 --- /dev/null +++ b/releasenotes/notes/Add-Unbound-forwarder-support-8f29e47d4275a798.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Added support for Unbound to forward DNS resolution requests to other + DNS resolvers (DNS resolver forwarding).