unbound. More options, support the 'private-address' and 'private-domain' directives.
parent
6670669002
commit
39b1aca883
|
@ -32,6 +32,8 @@ unbound_num_queries_per_thread: 4096
|
||||||
|
|
||||||
unbound_max_negative_ttl: 3600
|
unbound_max_negative_ttl: 3600
|
||||||
|
|
||||||
|
unbound_private_addresses: []
|
||||||
|
unbound_private_domains: []
|
||||||
# Stub zones
|
# Stub zones
|
||||||
# One of stub_host or stub_addr must be defined
|
# One of stub_host or stub_addr must be defined
|
||||||
# stub_prime and stub_first are both optional, default 'yes'
|
# stub_prime and stub_first are both optional, default 'yes'
|
||||||
|
|
|
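Review bot: The two new defaults, `unbound_private_addresses: []` and `unbound_private_domains: []`, carry no comment, unlike the stub-zone variables documented just below them. Because both default to empty, the rendered config will contain no `private-address` lines until an inventory sets the list (inferred from the template loop in this same commit), so DNS rebinding filtering is opt-in. I would add `# CIDRs that must never appear in answers for public names (unbound 'private-address', DNS rebinding protection); empty = filter off` above the first and `# Domains allowed to resolve to those private addresses (unbound 'private-domain')` above the second.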
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- block:
|
- block:
|
||||||
- name: Install the unbound resolver packages
|
- name: Install the unbound resolver packages
|
||||||
apt: pkg={{ unbound_pkgs }} state=latest cache_valid_time=1800 update_cache=yes
|
apt: pkg={{ unbound_pkgs }} state=present cache_valid_time=1800 update_cache=yes
|
||||||
|
|
||||||
- name: Install the unbound config files
|
- name: Install the unbound config files
|
||||||
template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }}
|
template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }}
|
||||||
|
@ -9,6 +9,7 @@
|
||||||
- unbound-server.conf
|
- unbound-server.conf
|
||||||
- unbound-remote-control.conf
|
- unbound-remote-control.conf
|
||||||
notify: Restart unbound
|
notify: Restart unbound
|
||||||
|
tags: [ 'unbound', 'unbound_conf' ]
|
||||||
|
|
||||||
- name: On bionic, stop systemd-resolvd because it interferes
|
- name: On bionic, stop systemd-resolvd because it interferes
|
||||||
service: name=systemd-resolved state=stopped enabled=no
|
service: name=systemd-resolved state=stopped enabled=no
|
||||||
|
|
|
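Review bot: With `state=present` on the apt task, re-running the role no longer upgrades an already installed unbound, so security fixes for this network-facing resolver have to arrive through some other patching path that is not visible in this file. A short comment on the task would make that dependency explicit, for example `# state=present: package upgrades are handled by the host's regular patching, not by this role`. The `block:` opened at the top of the file continues past both hunks, so whether the new `tags:` line on the template task is matched by tags on the other tasks cannot be checked from here.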
@ -40,11 +40,35 @@ server:
|
||||||
# with libevent
|
# with libevent
|
||||||
outgoing-range: {{ unbound_outgoing_range }}
|
outgoing-range: {{ unbound_outgoing_range }}
|
||||||
num-queries-per-thread: {{ unbound_num_queries_per_thread }}
|
num-queries-per-thread: {{ unbound_num_queries_per_thread }}
|
||||||
|
hide-identity: yes
|
||||||
|
hide-version: yes
|
||||||
|
harden-short-bufsize: yes
|
||||||
|
harden-large-queries: yes
|
||||||
|
harden-glue: yes
|
||||||
|
harden-dnssec-stripped: yes
|
||||||
|
harden-below-nxdomain: yes
|
||||||
|
harden-algo-downgrade: yes
|
||||||
|
qname-minimisation: yes
|
||||||
|
use-caps-for-id: yes
|
||||||
|
unwanted-reply-threshold: 10000
|
||||||
|
do-not-query-localhost: no
|
||||||
|
prefetch: yes
|
||||||
|
rrset-roundrobin: yes
|
||||||
|
minimal-responses: yes
|
||||||
|
val-clean-additional: yes
|
||||||
|
#
|
||||||
{% if ansible_service_mgr == 'systemd' %}
|
{% if ansible_service_mgr == 'systemd' %}
|
||||||
use-systemd: yes
|
use-systemd: yes
|
||||||
do-daemonize: no
|
do-daemonize: no
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% for cidr in unbound_private_addresses %}
|
||||||
|
private-address: {{ cidr }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for dom in unbound_private_domains %}
|
||||||
|
private-domain: {{ dom }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
{% if unbound_stub_zones is defined %}
|
{% if unbound_stub_zones is defined %}
|
||||||
{% for zone in unbound_stub_zones %}
|
{% for zone in unbound_stub_zones %}
|
||||||
stub-zone:
|
stub-zone:
|
||||||
|
|
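Review bot: `do-not-query-localhost: no` is placed among the new hardening options but it loosens unbound's default of `yes`, allowing queries to be sent to 127.0.0.0/8 and ::1, and the hunk gives no reason for it. If it is there so a stub zone can point at a server on the same host (an assumption), say so with a comment such as `# stub zones may point at a local server on 127.0.0.1`, or emit the line only when such a zone is configured. The `private-address` and `private-domain` values are written unvalidated from inventory, and because both lists default to empty the rebinding filter stays off unless a host sets them. The bare `#` line after `val-clean-additional` looks like a leftover separator. The `server:` clause begins before this hunk and the `stub-zone:` loop continues after it.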