Add DNS resolver forwarding support to Unbound
This patch adds support for DNS resolver forwarding to the Unbound.
This allows the configuration of "upstream" DNS resolvers that TripleO
Unbound will query if it doesn't have a local answer to a query.
If forwarders are not defined, Unbound will perform a standard recursive
DNS resolution.
Change-Id: Id4fbde599acd4637a7422428190385d83fa44e23
(cherry picked from commit 6d65b784a8
)
This commit is contained in:
parent
6f1aed5c7d
commit
c4b7f6a5b8
@ -67,6 +67,25 @@ parameters:
|
||||
the deployment will create additonal IPs using the external
|
||||
network.
|
||||
type: comma_delimited_list
|
||||
UnboundForwardResolvers:
|
||||
default: []
|
||||
description: A list of DNS resolver IP addresses, with optional port,
|
||||
that Unbound will forward resolution requests to if Unbound
|
||||
does not have the answer.
|
||||
Example, ['192.0.2.10', '192.0.2.20@53']
|
||||
type: comma_delimited_list
|
||||
UnboundForwardFallback:
|
||||
default: true
|
||||
description: When true, if the forwarded query receives a SERVFAIL,
|
||||
Unbound will process the request as a standard recursive
|
||||
resolution.
|
||||
type: boolean
|
||||
UnboundAllowRecursion:
|
||||
default: true
|
||||
description: When false, Unbound will not attempt to recursively resolve
|
||||
the request. It will only answer for queries using local
|
||||
information.
|
||||
type: boolean
|
||||
|
||||
|
||||
conditions:
|
||||
@ -222,3 +241,6 @@ outputs:
|
||||
tripleo_unbound_security_harden: {get_param: UnboundSecurityHarden}
|
||||
tripleo_unbound_designate_integration: {get_param: UnboundDesignateIntegration}
|
||||
tripleo_unbound_bind_network: {if: ["public_net_is_ctlplane", "ctlplane", {get_param: [ServiceNetMap, UnboundNetwork]}]}
|
||||
tripleo_unbound_forward_resolvers: {get_param: UnboundForwardResolvers}
|
||||
tripleo_unbound_forward_fallback: {get_param: UnboundForwardFallback}
|
||||
tripleo_unbound_allow_recursion: {get_param: UnboundAllowRecursion}
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Added support for Unbound to forward DNS resolution requests to other
|
||||
DNS resolvers (DNS resolver forwarding).
|
Loading…
Reference in New Issue
Block a user