diff --git a/REFERENCE.md b/REFERENCE.md
index 834b9e3..f5ee898 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -90,7 +90,7 @@ The following parameters are available in the `unbound` class:
* [`do_tcp`](#do_tcp)
* [`tcp_mss`](#tcp_mss)
* [`tls_cert_bundle`](#tls_cert_bundle)
-* [`tls_upstreami`](#tls_upstreami)
+* [`tls_upstream`](#tls_upstream)
* [`outgoing_tcp_mss`](#outgoing_tcp_mss)
* [`tcp_idle_timeout`](#tcp_idle_timeout)
* [`edns_tcp_keepalive`](#edns_tcp_keepalive)
@@ -107,6 +107,8 @@ The following parameters are available in the `unbound` class:
* [`do_daemonize`](#do_daemonize)
* [`access_control`](#access_control)
* [`chroot`](#chroot)
+* [`username`](#username)
+* [`directory`](#directory)
* [`logfile`](#logfile)
* [`log_identity`](#log_identity)
* [`log_time_ascii`](#log_time_ascii)
@@ -145,7 +147,9 @@ The following parameters are available in the `unbound` class:
* [`minimal_responses`](#minimal_responses)
* [`disable_dnssec_lame_check`](#disable_dnssec_lame_check)
* [`trust_anchor_file`](#trust_anchor_file)
+* [`auto_trust_anchor_file`](#auto_trust_anchor_file)
* [`trust_anchor`](#trust_anchor)
+* [`trusted_keys_file`](#trusted_keys_file)
* [`trust_anchor_signaling`](#trust_anchor_signaling)
* [`domain_insecure`](#domain_insecure)
* [`val_sig_skew_min`](#val_sig_skew_min)
@@ -191,9 +195,9 @@ The following parameters are available in the `unbound` class:
* [`stub`](#stub)
* [`record`](#record)
* [`access`](#access)
-* [`confdir`](#confdir)
-* [`directory`](#directory)
+* [`anchor_fetch_command`](#anchor_fetch_command)
* [`conf_d`](#conf_d)
+* [`confdir`](#confdir)
* [`config_file`](#config_file)
* [`control_enable`](#control_enable)
* [`control_setup_path`](#control_setup_path)
@@ -201,17 +205,14 @@ The following parameters are available in the `unbound` class:
* [`fetch_client`](#fetch_client)
* [`group`](#group)
* [`keys_d`](#keys_d)
-* [`trusted_keys_file`](#trusted_keys_file)
* [`module_config`](#module_config)
* [`owner`](#owner)
-* [`username`](#username)
* [`package_name`](#package_name)
+* [`package_provider`](#package_provider)
* [`package_ensure`](#package_ensure)
* [`purge_unbound_conf_d`](#purge_unbound_conf_d)
* [`root_hints_url`](#root_hints_url)
* [`runtime_dir`](#runtime_dir)
-* [`auto_trust_anchor_file`](#auto_trust_anchor_file)
-* [`anchor_fetch_command`](#anchor_fetch_command)
* [`service_name`](#service_name)
* [`service_hasstatus`](#service_hasstatus)
* [`service_ensure`](#service_ensure)
@@ -247,7 +248,7 @@ The following parameters are available in the `unbound` class:
##### `hints_file`
-Data type: `Unbound::Hints_file`
+Data type: `Variant[Enum['builtin'], Stdlib::Absolutepath]`
File path to the root-hints. Set to 'builtin' to remove root-hint option from unbound.conf and use built-in hints.
@@ -311,11 +312,11 @@ Default value: `53`
##### `interface`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `interface_automatic`
@@ -327,11 +328,11 @@ Default value: ``false``
##### `outgoing_interface`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `outgoing_range`
@@ -347,7 +348,7 @@ Data type: `Unbound::Range`
-Default value: `'32768-65535'`
+Default value: `32768-65535`
##### `outgoing_port_avoid`
@@ -355,7 +356,7 @@ Data type: `Unbound::Range`
-Default value: `'0-32767'`
+Default value: `0-32767`
##### `outgoing_port_permit_first`
@@ -567,11 +568,11 @@ Default value: ``undef``
##### `define_tag`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `do_ip4`
@@ -629,7 +630,7 @@ Data type: `Optional[Stdlib::Absolutepath]`
Default value: ``undef``
-##### `tls_upstreami`
+##### `tls_upstream`
Data type: `Boolean`
@@ -719,7 +720,7 @@ Default value: ``undef``
##### `tls_ciphers`
-Data type: `Optional[String[1]]`
+Data type: `Optional[String]`
@@ -727,7 +728,7 @@ Default value: ``undef``
##### `tls_ciphersuites`
-Data type: `Optional[String[1]]`
+Data type: `Optional[String]`
@@ -751,20 +752,45 @@ Default value: ``true``
##### `access_control`
-Data type: `Hash[String[1], Unbound::Access_control]`
+Data type: `Optional[Hash[String, Unbound::Access_control]]`
-Default value: `{}`
+Default value: ``undef``
##### `chroot`
-Data type: `Optional[Unbound::Chroot]`
+Data type: `Optional[Variant[Enum[''],Stdlib::Absolutepath]]`
Default value: ``undef``
+
+ Hiera overrides in a detailed table
+
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/RedHat.yaml` | `facts.os.family`: `RedHat` | `` |
+
+
+
+##### `username`
+
+Data type: `Optional[String]`
+
+
+
+Default value: `%{hiera('unbound::owner')}`
+
+##### `directory`
+
+Data type: `Stdlib::Absolutepath`
+
+
+
+Default value: `%{hiera('unbound::confdir')}`
+
##### `logfile`
Data type: `Optional[Stdlib::Absolutepath]`
@@ -775,7 +801,7 @@ Default value: ``undef``
##### `log_identity`
-Data type: `Optional[String[1]]`
+Data type: `Optional[String]`
@@ -831,11 +857,23 @@ Default value: ``false``
##### `pidfile`
-Data type: `Stdlib::Absolutepath`
+Data type: `Optional[Stdlib::Absolutepath]`
+
+
+Default value: `/var/run/unbound/unbound.pid`
+
+ Hiera overrides in a detailed table
-Default value: `'/var/run/unbound/unbound.pid'`
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Solaris/SmartOS.yaml` | `facts.os.family`: `Solaris`
`facts.os.release.major`: `SmartOS` | `/usr/local/etc/unbound/unbound.pid` |
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `/var/run/unbound.pid` |
+ | `data/os/FreeBSD.yaml` | `facts.os.family`: `FreeBSD` | `/usr/local/etc/unbound/unbound.pid` |
+ | `data/os/Debian.yaml` | `facts.os.family`: `Debian` | `/run/unbound.pid` |
+
+
##### `hide_identity`
@@ -847,7 +885,7 @@ Default value: ``true``
##### `identity`
-Data type: `Optional[String[1]]`
+Data type: `Optional[String]`
@@ -863,7 +901,7 @@ Default value: ``true``
##### `version`
-Data type: `Optional[String[1]]`
+Data type: `Optional[String]`
@@ -879,11 +917,11 @@ Default value: ``true``
##### `target_fetch_policy`
-Data type: `Array[Integer]`
+Data type: `Optional[Array[Integer]]`
-Default value: `[]`
+Default value: ``undef``
##### `harden_short_bufsize`
@@ -951,11 +989,11 @@ Default value: ``false``
##### `caps_whitlist`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `qname_minimisation`
@@ -975,19 +1013,19 @@ Default value: ``false``
##### `private_address`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `private_domain`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `unwanted_reply_threshold`
@@ -999,11 +1037,11 @@ Default value: `10000000`
##### `do_not_query_address`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `do_not_query_localhost`
@@ -1069,13 +1107,29 @@ Data type: `Optional[Stdlib::Absolutepath]`
Default value: ``undef``
+##### `auto_trust_anchor_file`
+
+Data type: `Stdlib::Absolutepath`
+
+
+
+Default value: `%{hiera('unbound::runtime_dir')}/root.key`
+
##### `trust_anchor`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
+
+##### `trusted_keys_file`
+
+Data type: `Stdlib::Absolutepath`
+
+
+
+Default value: `%{hiera('unbound::keys_d')}/*.key`
##### `trust_anchor_signaling`
@@ -1087,11 +1141,11 @@ Default value: ``true``
##### `domain_insecure`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `val_sig_skew_min`
@@ -1191,11 +1245,11 @@ Default value: ``undef``
##### `val_nsec3_keysize_iterations`
-Data type: `Array[Integer[1]]`
+Data type: `Optional[Array[Integer[1]]]`
-Default value: `[]`
+Default value: ``undef``
##### `add_holddown`
@@ -1271,43 +1325,43 @@ Default value: ``false``
##### `local_zone`
-Data type: `Unbound::Local_zone`
+Data type: `Optional[Unbound::Local_zone]`
-Default value: `{}`
+Default value: ``undef``
##### `local_data`
-Data type: `Optional[Array[String[1]]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `local_data_ptr`
-Data type: `Optional[Array[String[1]]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `local_zone_tag`
-Data type: `Hash[String[1], Array[String[1]]]`
+Data type: `Optional[Hash[String, Array[String]]]`
-Default value: `{}`
+Default value: ``undef``
##### `local_zone_override`
-Data type: `Hash[String[1], Unbound::Local_zone_override]`
+Data type: `Optional[Hash[String, Unbound::Local_zone_override]]`
-Default value: `{}`
+Default value: ``undef``
##### `ratelimit`
@@ -1343,19 +1397,19 @@ Default value: ``undef``
##### `ratelimit_for_domain`
-Data type: `Hash[String[1], Integer[0]]`
+Data type: `Optional[Hash[String,Integer[0]]]`
-Default value: `{}`
+Default value: ``undef``
##### `ratelimit_below_domain`
-Data type: `Hash[String[1], Integer[0]]`
+Data type: `Optional[Hash[String,Integer[0]]]`
-Default value: `{}`
+Default value: ``undef``
##### `ip_ratelimit`
@@ -1435,39 +1489,60 @@ Data type: `Array`
-Default value: `['::1', '127.0.0.1']`
+Default value: `["::1", "127.0.0.1/8"]`
-##### `confdir`
+##### `anchor_fetch_command`
+
+Data type: `String`
-Data type: `String[1]`
+Default value: `unbound-anchor -a %{hiera('unbound::auto_trust_anchor_file')}`
-Default value: `'/etc/unbound'`
+
+ Hiera overrides in a detailed table
-##### `directory`
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Solaris/SmartOS.yaml` | `facts.os.family`: `Solaris`
`facts.os.release.major`: `SmartOS` | `/opt/local/sbin/unbound-anchor -a %{hiera('unbound::auto_trust_anchor_file')}` |
-Data type: `Stdlib::Absolutepath`
+
+##### `conf_d`
+Data type: `String`
-Default value: `$confdir`
-##### `conf_d`
-Data type: `String[1]`
+Default value: `%{hiera('unbound::confdir')}/conf.d`
+##### `confdir`
+
+Data type: `String`
+
+
+
+Default value: `/etc/unbound`
+
+ Hiera overrides in a detailed table
-Default value: `"${confdir}/conf.d"`
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Solaris/SmartOS.yaml` | `facts.os.family`: `Solaris`
`facts.os.release.major`: `SmartOS` | `/opt/local/etc/unbound` |
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `/var/unbound/etc` |
+ | `data/os/Darwin.yaml` | `facts.os.family`: `Darwin` | `/opt/local/etc/unbound` |
+ | `data/os/FreeBSD.yaml` | `facts.os.family`: `FreeBSD` | `/usr/local/etc/unbound` |
+
+
##### `config_file`
-Data type: `String[1]`
+Data type: `String`
-Default value: `"${confdir}/unbound.conf"`
+Default value: `%{hiera('unbound::confdir')}/unbound.conf`
##### `control_enable`
@@ -1477,77 +1552,121 @@ Data type: `Boolean`
Default value: ``false``
+
+ Hiera overrides in a detailed table
+
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/FreeBSD.yaml` | `facts.os.family`: `FreeBSD` | `true` |
+
+
+
##### `control_setup_path`
-Data type: `String[1]`
+Data type: `String`
-Default value: `'/usr/sbin/unbound-control-setup'`
+Default value: `/usr/sbin/unbound-control-setup`
+
+
+ Hiera overrides in a detailed table
+
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Solaris/SmartOS.yaml` | `facts.os.family`: `Solaris`
`facts.os.release.major`: `SmartOS` | `/opt/local/sbin/unbound-control-setup` |
+ | `data/os/FreeBSD.yaml` | `facts.os.family`: `FreeBSD` | `/usr/local/sbin/unbound-control-setup` |
+
+
##### `control_path`
-Data type: `String[1]`
+Data type: `String`
+
+
+Default value: `/usr/sbin/unbound-control`
+
+ Hiera overrides in a detailed table
-Default value: `'/usr/sbin/unbound-control'`
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Solaris/SmartOS.yaml` | `facts.os.family`: `Solaris`
`facts.os.release.major`: `SmartOS` | `/opt/local/sbin/unbound-control` |
+ | `data/os/FreeBSD.yaml` | `facts.os.family`: `FreeBSD` | `/usr/local/sbin/unbound-control` |
+
+
##### `fetch_client`
-Data type: `String[1]`
+Data type: `String`
-Default value: `'wget -O'`
+Default value: `wget -O`
-##### `group`
+
+ Hiera overrides in a detailed table
-Data type: `String[1]`
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Solaris/SmartOS.yaml` | `facts.os.family`: `Solaris`
`facts.os.release.major`: `SmartOS` | `wget -O` |
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `ftp -o` |
+ | `data/os/Darwin.yaml` | `facts.os.family`: `Darwin` | `curl -o` |
+ | `data/os/FreeBSD.yaml` | `facts.os.family`: `FreeBSD` | `fetch -o` |
+ | `data/os/RedHat.yaml` | `facts.os.family`: `RedHat` | `curl -o` |
+
+##### `group`
-Default value: `'unbound'`
+Data type: `String`
-##### `keys_d`
-Data type: `String[1]`
+Default value: `unbound`
+
+ Hiera overrides in a detailed table
-Default value: `"${confdir}/keys.d"`
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `_unbound` |
-##### `trusted_keys_file`
+
-Data type: `Stdlib::Absolutepath`
+##### `keys_d`
+
+Data type: `String`
-Default value: `"${keys_d}/*.key"`
+Default value: `%{hiera('unbound::confdir')}/keys.d`
##### `module_config`
-Data type: `Array[Unbound::Module]`
+Data type: `Optional[Array[Unbound::Module]]`
-Default value: `[]`
+Default value: ``undef``
##### `owner`
-Data type: `String[1]`
-
-
+Data type: `String`
-Default value: `'unbound'`
-##### `username`
-Data type: `String[1]`
+Default value: `unbound`
+
+ Hiera overrides in a detailed table
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `_unbound` |
-Default value: `$owner`
+
##### `package_name`
@@ -1555,15 +1674,41 @@ Data type: `String`
-Default value: `'unbound'`
+Default value: `unbound`
+
+
+ Hiera overrides in a detailed table
+
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `` |
+
+
+
+##### `package_provider`
+
+Data type: `Optional[String]`
+
+
+
+Default value: ``undef``
+
+
+ Hiera overrides in a detailed table
+
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Darwin.yaml` | `facts.os.family`: `Darwin` | `macports` |
+
+
##### `package_ensure`
-Data type: `String[1]`
+Data type: `String`
-Default value: `'installed'`
+Default value: `installed`
##### `purge_unbound_conf_d`
@@ -1573,45 +1718,59 @@ Data type: `Boolean`
Default value: ``false``
-##### `root_hints_url`
-
-Data type: `String[1]`
-
+
+ Hiera overrides in a detailed table
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Debian.yaml` | `facts.os.family`: `Debian` | `true` |
-Default value: `'https://www.internic.net/domain/named.root'`
+
-##### `runtime_dir`
+##### `root_hints_url`
-Data type: `Stdlib::Absolutepath`
+Data type: `String`
-Default value: `$confdir`
+Default value: `https://www.internic.net/domain/named.root`
-##### `auto_trust_anchor_file`
+##### `runtime_dir`
Data type: `Stdlib::Absolutepath`
-Default value: `"${runtime_dir}/root.key"`
+Default value: `%{hiera('unbound::confdir')}`
-##### `anchor_fetch_command`
+
+ Hiera overrides in a detailed table
-Data type: `String[1]`
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Suse.yaml` | `facts.os.family`: `Suse` | `/var/lib/unbound` |
+ | `data/os/Debian.yaml` | `facts.os.family`: `Debian` | `/var/lib/unbound` |
+ | `data/os/RedHat.yaml` | `facts.os.family`: `RedHat` | `/var/lib/unbound` |
+
+##### `service_name`
-Default value: `"unbound-anchor -a ${auto_trust_anchor_file}"`
+Data type: `String`
-##### `service_name`
-Data type: `String[1]`
+Default value: `unbound`
+
+ Hiera overrides in a detailed table
-Default value: `'unbound'`
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `unbound` |
+ | `data/os/Darwin.yaml` | `facts.os.family`: `Darwin` | `org.macports.unbound` |
+
+
##### `service_hasstatus`
@@ -1627,7 +1786,7 @@ Data type: `Enum['running', 'stopped']`
-Default value: `'running'`
+Default value: `running`
##### `service_enable`
@@ -1639,23 +1798,47 @@ Default value: ``true``
##### `validate_cmd`
-Data type: `String[1]`
+Data type: `String`
+
+Default value: `/usr/sbin/unbound-checkconf %`
-Default value: `'/usr/sbin/unbound-checkconf %'`
+
+ Hiera overrides in a detailed table
+
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/Solaris/SmartOS.yaml` | `facts.os.family`: `Solaris`
`facts.os.release.major`: `SmartOS` | `/opt/local/sbin/unbound-checkconf %` |
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `/usr/sbin/unbound-checkconf %` |
+ | `data/os/FreeBSD.yaml` | `facts.os.family`: `FreeBSD` | `/usr/local/sbin/unbound-checkconf %` |
+ | `data/os/RedHat.yaml` | `facts.os.family`: `RedHat` | `/usr/sbin/unbound-checkconf %` |
+
+
##### `restart_cmd`
-Data type: `String[1]`
+Data type: `String`
+
+
+
+Default value: `/bin/systemctl restart %{hiera('unbound::service_name')}`
+
+ Hiera overrides in a detailed table
+ | Filename | Interpolations | Value |
+ |----------|----------------|-------|
+ | `data/os/RedHat/6.yaml` | `facts.os.family`: `RedHat`
`facts.os.release.major`: `6` | `/usr/bin/service %{hiera('unbound::service_name')} restart` |
+ | `data/os/Solaris/SmartOS.yaml` | `facts.os.family`: `Solaris`
`facts.os.release.major`: `SmartOS` | `/usr/sbin/svcadm restart %{hiera('unbound::service_name')}` |
+ | `data/os/OpenBSD.yaml` | `facts.os.family`: `OpenBSD` | `/usr/sbin/rcctl restart %{lookup('unbound::service_name')}` |
+ | `data/os/FreeBSD.yaml` | `facts.os.family`: `FreeBSD` | `/usr/sbin/service %{hiera('unbound::service_name')} restart` |
-Default value: `"/bin/systemctl restart ${service_name}"`
+
##### `custom_server_conf`
-Data type: `Array[String[1]]`
+Data type: `Array[String]`
@@ -1679,11 +1862,11 @@ Default value: ``undef``
##### `dns64_prefix`
-Data type: `String[1]`
+Data type: `Optional[String]`
-Default value: `'64:ff9b::/96'`
+Default value: `64:ff9b::/96`
##### `dns64_synthall`
@@ -1695,19 +1878,19 @@ Default value: ``false``
##### `send_client_subnet`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `client_subnet_zone`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `client_subnet_always_forward`
@@ -1807,15 +1990,15 @@ Default value: ``false``
##### `ipsecmod_whitelist`
-Data type: `Array[String[1]]`
+Data type: `Optional[Array[String]]`
-Default value: `[]`
+Default value: ``undef``
##### `backend`
-Data type: `Optional[String[1]]`
+Data type: `Optional[String]`
@@ -1823,19 +2006,19 @@ Default value: ``undef``
##### `secret_seed`
-Data type: `String[1]`
+Data type: `String`
-Default value: `'default'`
+Default value: `default`
##### `redis_server_host`
-Data type: `String[1]`
+Data type: `String`
-Default value: `'127.0.0.1'`
+Default value: `127.0.0.1`
##### `redis_server_port`
@@ -1859,7 +2042,7 @@ Data type: `Stdlib::Absolutepath`
-Default value: `"${confdir}/unbound.conf.d"`
+Default value: `%{hiera('unbound::confdir')}/unbound.conf.d`
### `unbound::remote`
diff --git a/data/common.yaml b/data/common.yaml
new file mode 100644
index 0000000..d0cf38d
--- /dev/null
+++ b/data/common.yaml
@@ -0,0 +1,208 @@
+---
+unbound::verbosity: 1
+unbound::statistics_interval: ~
+unbound::statistics_cumulative: false
+unbound::extended_statistics: false
+unbound::num_threads: 1
+unbound::port: 53
+unbound::interface: ~
+unbound::interface_automatic: false
+unbound::outgoing_interface: ~
+unbound::outgoing_range: ~
+unbound::outgoing_port_permit: '32768-65535'
+unbound::outgoing_port_avoid: '0-32767'
+unbound::outgoing_port_permit_first: true
+unbound::outgoing_num_tcp: ~
+unbound::incoming_num_tcp: ~
+unbound::edns_buffer_size: 1280
+unbound::max_udp_size: ~
+unbound::stream_wait_size: ~
+unbound::msg_buffer_size: ~
+unbound::msg_cache_size: ~
+unbound::msg_cache_slabs: ~
+unbound::num_queries_per_thread: ~
+unbound::jostle_timeout: ~
+unbound::delay_close: ~
+unbound::unknown_server_time_limit: ~
+unbound::so_rcvbuf: ~
+unbound::so_sndbuf: ~
+unbound::so_reuseport: false
+unbound::ip_transparent: false
+unbound::ip_freebind: false
+unbound::rrset_cache_size: ~
+unbound::rrset_cache_slabs: ~
+unbound::cache_max_ttl: ~
+unbound::cache_max_negative_ttl: ~
+unbound::cache_min_ttl: ~
+unbound::infra_host_ttl: ~
+unbound::infra_cache_numhosts: ~
+unbound::infra_cache_slabs: ~
+unbound::infra_cache_min_rtt: ~
+unbound::define_tag: ~
+unbound::do_ip4: true
+unbound::do_ip6: true
+unbound::prefer_ip6: false
+unbound::do_udp: true
+unbound::do_tcp: true
+unbound::tcp_mss: ~
+unbound::outgoing_tcp_mss: ~
+unbound::tcp_idle_timeout: ~
+unbound::edns_tcp_keepalive: false
+unbound::edns_tcp_keepalive_timeout: ~
+unbound::tcp_upstream: false
+unbound::udp_upstream_without_downstream: false
+unbound::tls_cert_bundle: ~
+unbound::tls_upstream: false
+unbound::ssl_upstream: false
+unbound::ssl_service_key: ~
+unbound::ssl_service_pem: ~
+unbound::ssl_port: ~
+unbound::tls_ciphers: ~
+unbound::tls_ciphersuites: ~
+unbound::use_systemd: false
+unbound::do_daemonize: true
+unbound::access_control: ~
+unbound::chroot: ~
+unbound::username: "%{hiera('unbound::owner')}"
+unbound::directory: "%{hiera('unbound::confdir')}"
+unbound::logfile: ~
+unbound::log_identity: ~
+unbound::log_time_ascii: false
+unbound::log_queries: false
+unbound::log_replies: false
+unbound::log_tag_queryreply: false
+unbound::log_local_actions: false
+unbound::log_servfail: false
+unbound::pidfile: '/var/run/unbound/unbound.pid'
+unbound::hide_identity: true
+unbound::identity: ~
+unbound::hide_version: true
+unbound::version: ~
+unbound::hide_trustanchor: true
+unbound::target_fetch_policy: ~
+unbound::harden_short_bufsize: false
+unbound::harden_large_queries: false
+unbound::harden_glue: true
+unbound::harden_dnssec_stripped: true
+unbound::harden_below_nxdomain: true
+unbound::harden_referral_path: false
+unbound::harden_algo_downgrade: false
+unbound::use_caps_for_id: false
+unbound::caps_whitlist: ~
+unbound::qname_minimisation: false
+unbound::qname_minimisation_strict: false
+unbound::private_address: ~
+unbound::private_domain: ~
+unbound::unwanted_reply_threshold: 10000000
+unbound::do_not_query_address: ~
+unbound::do_not_query_localhost: true
+unbound::prefetch: false
+unbound::prefetch_key: false
+unbound::deny_any: false
+unbound::rrset_roundrobin: false
+unbound::minimal_responses: false
+unbound::disable_dnssec_lame_check: false
+unbound::trust_anchor_file: ~
+unbound::auto_trust_anchor_file: "%{hiera('unbound::runtime_dir')}/root.key"
+unbound::trust_anchor: ~
+unbound::trusted_keys_file: "%{hiera('unbound::keys_d')}/*.key"
+unbound::trust_anchor_signaling: true
+unbound::domain_insecure: ~
+unbound::val_sig_skew_min: ~
+unbound::val_sig_skew_max: ~
+unbound::val_bogus_ttl: ~
+unbound::val_clean_additional: true
+unbound::val_log_level: ~
+unbound::val_permissive_mode: false
+unbound::ignore_cd_flag: false
+unbound::serve_expired: false
+unbound::serve_expired_ttl: ~
+unbound::serve_expired_ttl_reset: false
+unbound::serve_expired_reply_ttl: ~
+unbound::serve_expired_client_timeout: ~
+unbound::val_nsec3_keysize_iterations: ~
+unbound::add_holddown: ~
+unbound::del_holddown: ~
+unbound::keep_missing: ~
+unbound::permit_small_holddown: false
+unbound::key_cache_size: ~
+unbound::key_cache_slabs: ~
+unbound::neg_cache_size: ~
+unbound::unblock_lan_zones: false
+unbound::insecure_lan_zones: false
+unbound::local_zone: ~
+unbound::local_data: ~
+unbound::local_data_ptr: ~
+unbound::local_zone_tag: ~
+unbound::local_zone_override: ~
+unbound::ratelimit: ~
+unbound::ratelimit_size: ~
+unbound::ratelimit_slabs: ~
+unbound::ratelimit_factor: ~
+unbound::ratelimit_for_domain: ~
+unbound::ratelimit_below_domain: ~
+unbound::ip_ratelimit: ~
+unbound::ip_ratelimit_size: ~
+unbound::ip_ratelimit_slabs: ~
+unbound::ip_ratelimit_factor: ~
+unbound::fast_server_permil: ~
+unbound::fast_server_num: ~
+
+unbound::confdir: '/etc/unbound'
+unbound::service_name: 'unbound'
+unbound::service_hasstatus: true
+unbound::service_enable: true
+unbound::service_ensure: 'running'
+unbound::package_name: 'unbound'
+unbound::package_ensure: 'installed'
+unbound::package_provider: ~
+unbound::runtime_dir: "%{hiera('unbound::confdir')}"
+unbound::owner: 'unbound'
+unbound::validate_cmd: '/usr/sbin/unbound-checkconf %'
+unbound::restart_cmd: "/bin/systemctl restart %{hiera('unbound::service_name')}"
+
+unbound::forward: {}
+unbound::stub: {}
+unbound::record: {}
+
+unbound::access:
+ - '::1'
+ - '127.0.0.1/8'
+unbound::anchor_fetch_command: "unbound-anchor -a %{hiera('unbound::auto_trust_anchor_file')}"
+unbound::conf_d: "%{hiera('unbound::confdir')}/conf.d"
+unbound::config_file: "%{hiera('unbound::confdir')}/unbound.conf"
+unbound::control_enable: false
+unbound::control_setup_path: '/usr/sbin/unbound-control-setup'
+unbound::control_path: '/usr/sbin/unbound-control'
+unbound::fetch_client: 'wget -O'
+unbound::group: 'unbound'
+unbound::keys_d: "%{hiera('unbound::confdir')}/keys.d"
+unbound::module_config: ~
+unbound::root_hints_url: 'https://www.internic.net/domain/named.root'
+unbound::custom_server_conf: []
+unbound::skip_roothints_download: false
+unbound::python_script: ~
+unbound::dns64_prefix: '64:ff9b::/96'
+unbound::dns64_synthall: false
+unbound::send_client_subnet: ~
+unbound::client_subnet_zone: ~
+unbound::client_subnet_always_forward: false
+unbound::max_client_subnet_ipv6: 56
+unbound::max_client_subnet_ipv4: 24
+unbound::min_client_subnet_ipv6: ~
+unbound::min_client_subnet_ipv4: ~
+unbound::max_ecs_tree_size_ipv4: ~
+unbound::max_ecs_tree_size_ipv6: ~
+unbound::ipsecmod_enabled: true
+unbound::ipsecmod_hook: ~
+unbound::ipsecmod_strict: false
+unbound::ipsecmod_max_ttl: 3600
+unbound::ipsecmod_ignore_bogus: false
+unbound::ipsecmod_whitelist: ~
+unbound::backend: ~
+unbound::secret_seed: default
+unbound::redis_server_host: 127.0.0.1
+unbound::redis_server_port: 6379
+unbound::redis_timeout: 100
+unbound::unbound_conf_d: "%{hiera('unbound::confdir')}/unbound.conf.d"
+unbound::purge_unbound_conf_d: false
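Review bot: The derived defaults for `unbound::username`, `unbound::directory`, `unbound::auto_trust_anchor_file`, `unbound::trusted_keys_file`, `unbound::anchor_fetch_command`, `unbound::conf_d`, `unbound::config_file` and `unbound::keys_d` use `%{hiera('unbound::…')}`, which resolves against Hiera data only. A value passed as a class parameter (for example `owner`, `confdir` or `runtime_dir` in a resource-style declaration) therefore no longer flows into them, as the old `$owner` and `"${runtime_dir}/root.key"` defaults did. Unless the manifest recomputes these values (not visible in this hunk), the daemon's `username` can diverge from the file `owner`, and the DNSSEC trust anchor can be fetched to one path and configured at another. I would document this at the top of the file, e.g. `# Derived values below interpolate Hiera keys, not class parameters: override confdir/owner/runtime_dir/keys_d in Hiera, or set every dependent key explicitly.` Separately, the OpenBSD `restart_cmd` shown in REFERENCE.md already uses `%{lookup(...)}`, so using `lookup` here as well would keep the data files consistent.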
diff --git a/hiera.yaml b/hiera.yaml
index 592c1d9..4088d3f 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -10,4 +10,6 @@ hierarchy:
path: "os/%{facts.os.family}/%{facts.os.name}.yaml"
- name: "family"
path: "os/%{facts.os.family}.yaml"
+ - name: "common"
+ path: "common.yaml"
diff --git a/manifests/init.pp b/manifests/init.pp
index 8734b0f..90d6bb4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -7,209 +7,209 @@
# @param hints_file_content
# Contents of the root hints file, if it's not remotely fetched.
class unbound (
- Integer[0,5] $verbosity = 1,
- Optional[Integer] $statistics_interval = undef,
- Boolean $statistics_cumulative = false,
- Boolean $extended_statistics = false,
- Integer[1] $num_threads = 1,
- Integer[0, 65535] $port = 53,
- Array[String[1]] $interface = [],
- Boolean $interface_automatic = false,
- Array[String[1]] $outgoing_interface = [], # version 1.5.10
- Optional[Integer[1]] $outgoing_range = undef,
- Unbound::Range $outgoing_port_permit = '32768-65535',
- Unbound::Range $outgoing_port_avoid = '0-32767',
- Boolean $outgoing_port_permit_first = true,
- Optional[Integer[0]] $outgoing_num_tcp = undef,
- Optional[Integer[0]] $incoming_num_tcp = undef,
- Integer[0,4096] $edns_buffer_size = 1280,
- Optional[Integer[0,65536]] $max_udp_size = undef,
- Optional[Unbound::Size] $stream_wait_size = undef, # version 1.9.0
- Optional[Unbound::Size] $msg_cache_size = undef,
- Optional[Integer] $msg_cache_slabs = undef,
- Optional[Integer] $num_queries_per_thread = undef,
- Optional[Integer[1]] $jostle_timeout = undef,
- Optional[Integer[0]] $delay_close = undef,
- Optional[Integer[1]] $unknown_server_time_limit = undef, # version 1.8.2
- Optional[Unbound::Size] $so_rcvbuf = undef,
- Optional[Unbound::Size] $so_sndbuf = undef,
- Boolean $so_reuseport = false, # Version 1.4.22
- Boolean $ip_transparent = false, # version 1.5.4
- Boolean $ip_freebind = false, # version 1.5.9
- Optional[Unbound::Size] $rrset_cache_size = undef,
- Optional[Integer] $rrset_cache_slabs = undef,
- Optional[Integer] $cache_max_ttl = undef,
- Optional[Integer] $cache_max_negative_ttl = undef,
- Optional[Integer] $cache_min_ttl = undef,
- Optional[Integer] $infra_host_ttl = undef,
- Optional[Integer] $infra_cache_numhosts = undef,
- Optional[Integer] $infra_cache_slabs = undef,
- Optional[Integer] $infra_cache_min_rtt = undef,
- Array[String[1]] $define_tag = [], # version 1.5.10
- Boolean $do_ip4 = true,
- Boolean $do_ip6 = true,
- Boolean $prefer_ip6 = false, # version 1.5.10
- Boolean $do_udp = true,
- Boolean $do_tcp = true,
- Optional[Integer[0]] $tcp_mss = undef, # version 1.5.8
- Optional[Stdlib::Absolutepath] $tls_cert_bundle = undef, # version 1.7.0
- Boolean $tls_upstreami = false, # version 1.7.0
- Optional[Integer[0]] $outgoing_tcp_mss = undef, # version 1.5.8
- Optional[Integer[0]] $tcp_idle_timeout = undef, # version 1.8.0
- Boolean $edns_tcp_keepalive = false, # version 1.8.0
- Optional[Integer[0]] $edns_tcp_keepalive_timeout = undef, # version 1.8.0
- Boolean $tcp_upstream = false,
- Boolean $udp_upstream_without_downstream = false,
- Boolean $ssl_upstream = false, # version 1.7.0
- Optional[Stdlib::Absolutepath] $ssl_service_key = undef, # version 1.7.0
- Optional[Stdlib::Absolutepath] $ssl_service_pem = undef, # version 1.7.0
- Optional[Integer[0,65535]] $ssl_port = undef, # version 1.7.0
- Optional[String[1]] $tls_ciphers = undef, # version 1.9.0
- Optional[String[1]] $tls_ciphersuites = undef, # version 1.9.0
- Boolean $use_systemd = false, # version 1.6.1
- Boolean $do_daemonize = true,
- Hash[String[1], Unbound::Access_control] $access_control = {}, # version 1.5.10
- Optional[Unbound::Chroot] $chroot = undef,
- Optional[Stdlib::Absolutepath] $logfile = undef,
- Optional[String[1]] $log_identity = undef, # version 1.6.0
- Boolean $log_time_ascii = false,
- Boolean $log_queries = false,
- Boolean $log_replies = false, # version 1.6.1
- Boolean $log_tag_queryreply = false, # version 1.9.0
- Boolean $log_local_actions = false, # version 1.8.0
- Boolean $log_servfail = false, # version 1.8.0
- Stdlib::Absolutepath $pidfile = '/var/run/unbound/unbound.pid',
- Boolean $hide_identity = true,
- Optional[String[1]] $identity = undef,
- Boolean $hide_version = true,
- Optional[String[1]] $version = undef,
- Boolean $hide_trustanchor = true, # version 1.6.2
- Array[Integer] $target_fetch_policy = [],
- Boolean $harden_short_bufsize = false,
- Boolean $harden_large_queries = false,
- Boolean $harden_glue = true,
- Boolean $harden_dnssec_stripped = true,
- Boolean $harden_below_nxdomain = true,
- Boolean $harden_referral_path = false,
- Boolean $harden_algo_downgrade = false, # Version 1.5.3
- Boolean $use_caps_for_id = false,
- Array[String[1]] $caps_whitlist = [],
- Boolean $qname_minimisation = false, # version 1.5.7
- Boolean $qname_minimisation_strict = false, # version 1.6.0
- Array[String[1]] $private_address = [],
- Array[String[1]] $private_domain = [],
- Integer[0] $unwanted_reply_threshold = 10000000,
- Array[String[1]] $do_not_query_address = [],
- Boolean $do_not_query_localhost = true,
- Boolean $prefetch = false,
- Boolean $prefetch_key = false,
- Boolean $deny_any = false, # version 1.8.2
- Boolean $rrset_roundrobin = false,
- Boolean $minimal_responses = false,
- Boolean $disable_dnssec_lame_check = false, # version 1.5.9
- Optional[Stdlib::Absolutepath] $trust_anchor_file = undef,
- Array[String[1]] $trust_anchor = [],
- Boolean $trust_anchor_signaling = true, # version 1.6.4
- Array[String[1]] $domain_insecure = [],
- Optional[Integer[1]] $val_sig_skew_min = undef,
- Optional[Integer[1]] $val_sig_skew_max = undef,
- Optional[Integer[1]] $val_bogus_ttl = undef,
- Boolean $val_clean_additional = true,
- Optional[Integer[0,2]] $val_log_level = undef,
- Boolean $val_permissive_mode = false,
- Boolean $ignore_cd_flag = false,
- Boolean $serve_expired = false, # version 1.6.0
- Optional[Integer[0]] $serve_expired_ttl = undef, # version 1.8.0
- Boolean $serve_expired_ttl_reset = false, # version 1.8.0
- Optional[Integer[0]] $serve_expired_reply_ttl = undef, # version 1.8.0
- Optional[Integer[0]] $serve_expired_client_timeout = undef, # version 1.8.0
- Array[Integer[1]] $val_nsec3_keysize_iterations = [],
- Optional[Integer[0]] $add_holddown = undef,
- Optional[Integer[0]] $del_holddown = undef,
- Optional[Integer[0]] $keep_missing = undef,
- Boolean $permit_small_holddown = false, # Version 1.5.5
- Optional[Unbound::Size] $key_cache_size = undef,
- Optional[Integer] $key_cache_slabs = undef,
- Optional[Unbound::Size] $neg_cache_size = undef,
- Boolean $unblock_lan_zones = false,
- Boolean $insecure_lan_zones = false, # version 1.5.8
- Unbound::Local_zone $local_zone = {},
- Optional[Array[String[1]]] $local_data = [],
- Optional[Array[String[1]]] $local_data_ptr = [],
- Hash[String[1], Array[String[1]]] $local_zone_tag = {}, # version 1.5.10
- Hash[String[1], Unbound::Local_zone_override] $local_zone_override = {}, # version 1.5.10
- Optional[Integer[0]] $ratelimit = undef,
- Optional[Unbound::Size] $ratelimit_size = undef,
- Optional[Integer[0]] $ratelimit_slabs = undef,
- Optional[Integer[0]] $ratelimit_factor = undef,
- Hash[String[1], Integer[0]] $ratelimit_for_domain = {},
- Hash[String[1], Integer[0]] $ratelimit_below_domain = {},
- Optional[Integer[0]] $ip_ratelimit = undef, # version 1.6.1
- Optional[Unbound::Size] $ip_ratelimit_size = undef, # version 1.6.1
- Optional[Integer[0]] $ip_ratelimit_slabs = undef, # version 1.6.1
- Optional[Integer[0]] $ip_ratelimit_factor = undef,
- Optional[Integer[0,1000]] $fast_server_permil = undef, # version 1.8.2
- Optional[Integer[1]] $fast_server_num = undef, # version 1.8.2
- Hash $forward = {},
- Hash $stub = {},
- Hash $record = {},
- Array $access = ['::1', '127.0.0.1'],
- String[1] $confdir = '/etc/unbound',
- Stdlib::Absolutepath $directory = $confdir,
- String[1] $conf_d = "${confdir}/conf.d",
- String[1] $config_file = "${confdir}/unbound.conf",
- Boolean $control_enable = false,
- String[1] $control_setup_path = '/usr/sbin/unbound-control-setup',
- String[1] $control_path = '/usr/sbin/unbound-control',
- String[1] $fetch_client = 'wget -O',
- String[1] $group = 'unbound',
- String[1] $keys_d = "${confdir}/keys.d",
- Stdlib::Absolutepath $trusted_keys_file = "${keys_d}/*.key",
- Array[Unbound::Module] $module_config = [],
- String[1] $owner = 'unbound',
- String[1] $username = $owner,
- # OpenBSD sets this to an empty string
- String $package_name = 'unbound',
- String[1] $package_ensure = 'installed',
- Boolean $purge_unbound_conf_d = false,
- String[1] $root_hints_url = 'https://www.internic.net/domain/named.root',
- Stdlib::Absolutepath $runtime_dir = $confdir,
- Stdlib::Absolutepath $auto_trust_anchor_file = "${runtime_dir}/root.key",
- String[1] $anchor_fetch_command = "unbound-anchor -a ${auto_trust_anchor_file}",
- String[1] $service_name = 'unbound',
- Boolean $service_hasstatus = true,
- Enum['running', 'stopped'] $service_ensure = 'running',
- Boolean $service_enable = true,
- String[1] $validate_cmd = '/usr/sbin/unbound-checkconf %',
- String[1] $restart_cmd = "/bin/systemctl restart ${service_name}",
- Array[String[1]] $custom_server_conf = [],
- Boolean $skip_roothints_download = false,
- Optional[Stdlib::Absolutepath] $python_script = undef,
- String[1] $dns64_prefix = '64:ff9b::/96',
- Boolean $dns64_synthall = false,
- Array[String[1]] $send_client_subnet = [],
- Array[String[1]] $client_subnet_zone = [],
- Boolean $client_subnet_always_forward = false,
- Integer[0,128] $max_client_subnet_ipv6 = 56,
- Integer[0,32] $max_client_subnet_ipv4 = 24,
- Optional[Integer[0,128]] $min_client_subnet_ipv6 = undef, # version 1.8.2
- Optional[Integer[0,32]] $min_client_subnet_ipv4 = undef, # version 1.8.2
- Optional[Integer[0]] $max_ecs_tree_size_ipv4 = undef, # version 1.8.2
- Optional[Integer[0]] $max_ecs_tree_size_ipv6 = undef, # version 1.8.2
- Boolean $ipsecmod_enabled = true,
- Optional[Stdlib::Absolutepath] $ipsecmod_hook = undef,
- Boolean $ipsecmod_strict = false,
- Integer[1] $ipsecmod_max_ttl = 3600,
- Boolean $ipsecmod_ignore_bogus = false,
- Array[String[1]] $ipsecmod_whitelist = [],
- Optional[String[1]] $backend = undef,
- String[1] $secret_seed = 'default',
- String[1] $redis_server_host = '127.0.0.1',
- Integer[1,65536] $redis_server_port = 6379,
- Integer[1] $redis_timeout = 100,
- Stdlib::Absolutepath $unbound_conf_d = "${confdir}/unbound.conf.d",
- Unbound::Hints_file $hints_file = "${confdir}/root.hints",
- Optional[String[1]] $hints_file_content = undef,
+ Integer[0,5] $verbosity,
+ Optional[Integer] $statistics_interval,
+ Boolean $statistics_cumulative,
+ Boolean $extended_statistics,
+ Integer[1] $num_threads,
+ Integer[0, 65535] $port,
+ Optional[Array[String]] $interface,
+ Boolean $interface_automatic,
+ Optional[Array[String]] $outgoing_interface, # version 1.5.10
+ Optional[Integer[1]] $outgoing_range,
+ Unbound::Range $outgoing_port_permit,
+ Unbound::Range $outgoing_port_avoid,
+ Boolean $outgoing_port_permit_first,
+ Optional[Integer[0]] $outgoing_num_tcp,
+ Optional[Integer[0]] $incoming_num_tcp,
+ Integer[0,4096] $edns_buffer_size,
+ Optional[Integer[0,65536]] $max_udp_size,
+ Optional[Unbound::Size] $stream_wait_size, # version 1.9.0
+ Optional[Unbound::Size] $msg_cache_size,
+ Optional[Integer] $msg_cache_slabs,
+ Optional[Integer] $num_queries_per_thread,
+ Optional[Integer[1]] $jostle_timeout,
+ Optional[Integer[0]] $delay_close,
+ Optional[Integer[1]] $unknown_server_time_limit, # version 1.8.2
+ Optional[Unbound::Size] $so_rcvbuf,
+ Optional[Unbound::Size] $so_sndbuf,
+ Boolean $so_reuseport, # Version 1.4.22
+ Boolean $ip_transparent, # version 1.5.4
+ Boolean $ip_freebind, # version 1.5.9
+ Optional[Unbound::Size] $rrset_cache_size,
+ Optional[Integer] $rrset_cache_slabs,
+ Optional[Integer] $cache_max_ttl,
+ Optional[Integer] $cache_max_negative_ttl,
+ Optional[Integer] $cache_min_ttl,
+ Optional[Integer] $infra_host_ttl,
+ Optional[Integer] $infra_cache_numhosts,
+ Optional[Integer] $infra_cache_slabs,
+ Optional[Integer] $infra_cache_min_rtt,
+ Optional[Array[String]] $define_tag, # version 1.5.10
+ Boolean $do_ip4,
+ Boolean $do_ip6,
+ Boolean $prefer_ip6, # version 1.5.10
+ Boolean $do_udp,
+ Boolean $do_tcp,
+ Optional[Integer[0]] $tcp_mss, # version 1.5.8
+ Optional[Stdlib::Absolutepath] $tls_cert_bundle, # version 1.7.0
+ Boolean $tls_upstream, # version 1.7.0
+ Optional[Integer[0]] $outgoing_tcp_mss, # version 1.5.8
+ Optional[Integer[0]] $tcp_idle_timeout, # version 1.8.0
+ Boolean $edns_tcp_keepalive, # version 1.8.0
+ Optional[Integer[0]] $edns_tcp_keepalive_timeout, # version 1.8.0
+ Boolean $tcp_upstream,
+ Boolean $udp_upstream_without_downstream,
+ Boolean $ssl_upstream, # version 1.7.0
+ Optional[Stdlib::Absolutepath] $ssl_service_key, # version 1.7.0
+ Optional[Stdlib::Absolutepath] $ssl_service_pem, # version 1.7.0
+ Optional[Integer[0,65535]] $ssl_port, # version 1.7.0
+ Optional[String] $tls_ciphers, # version 1.9.0
+ Optional[String] $tls_ciphersuites, # version 1.9.0
+ Boolean $use_systemd, # version 1.6.1
+ Boolean $do_daemonize,
+ Optional[Hash[String, Unbound::Access_control]] $access_control, # version 1.5.10
+ Optional[Variant[Enum[''],Stdlib::Absolutepath]] $chroot,
+ Optional[String] $username,
+ Stdlib::Absolutepath $directory,
+ Optional[Stdlib::Absolutepath] $logfile,
+ Optional[String] $log_identity, # version 1.6.0
+ Boolean $log_time_ascii,
+ Boolean $log_queries,
+ Boolean $log_replies, # version 1.6.1
+ Boolean $log_tag_queryreply, # version 1.9.0
+ Boolean $log_local_actions, # version 1.8.0
+ Boolean $log_servfail, # version 1.8.0
+ Optional[Stdlib::Absolutepath] $pidfile,
+ Boolean $hide_identity,
+ Optional[String] $identity,
+ Boolean $hide_version,
+ Optional[String] $version,
+ Boolean $hide_trustanchor, # version 1.6.2
+ Optional[Array[Integer]] $target_fetch_policy,
+ Boolean $harden_short_bufsize,
+ Boolean $harden_large_queries,
+ Boolean $harden_glue,
+ Boolean $harden_dnssec_stripped,
+ Boolean $harden_below_nxdomain,
+ Boolean $harden_referral_path,
+ Boolean $harden_algo_downgrade, # Version 1.5.3
+ Boolean $use_caps_for_id,
+ Optional[Array[String]] $caps_whitlist,
+ Boolean $qname_minimisation, # version 1.5.7
+ Boolean $qname_minimisation_strict, # version 1.6.0
+ Optional[Array[String]] $private_address,
+ Optional[Array[String]] $private_domain,
+ Integer[0] $unwanted_reply_threshold,
+ Optional[Array[String]] $do_not_query_address,
+ Boolean $do_not_query_localhost,
+ Boolean $prefetch,
+ Boolean $prefetch_key,
+ Boolean $deny_any, # version 1.8.2
+ Boolean $rrset_roundrobin,
+ Boolean $minimal_responses,
+ Boolean $disable_dnssec_lame_check, # version 1.5.9
+ Optional[Stdlib::Absolutepath] $trust_anchor_file,
+ Stdlib::Absolutepath $auto_trust_anchor_file,
+ Optional[Array[String]] $trust_anchor,
+ Stdlib::Absolutepath $trusted_keys_file,
+ Boolean $trust_anchor_signaling, # version 1.6.4
+ Optional[Array[String]] $domain_insecure,
+ Optional[Integer[1]] $val_sig_skew_min,
+ Optional[Integer[1]] $val_sig_skew_max,
+ Optional[Integer[1]] $val_bogus_ttl,
+ Boolean $val_clean_additional,
+ Optional[Integer[0,2]] $val_log_level,
+ Boolean $val_permissive_mode,
+ Boolean $ignore_cd_flag,
+ Boolean $serve_expired, # version 1.6.0
+ Optional[Integer[0]] $serve_expired_ttl, # version 1.8.0
+ Boolean $serve_expired_ttl_reset, # version 1.8.0
+ Optional[Integer[0]] $serve_expired_reply_ttl, # version 1.8.0
+ Optional[Integer[0]] $serve_expired_client_timeout, # version 1.8.0
+ Optional[Array[Integer[1]]] $val_nsec3_keysize_iterations,
+ Optional[Integer[0]] $add_holddown,
+ Optional[Integer[0]] $del_holddown,
+ Optional[Integer[0]] $keep_missing,
+ Boolean $permit_small_holddown, # Version 1.5.5
+ Optional[Unbound::Size] $key_cache_size,
+ Optional[Integer] $key_cache_slabs,
+ Optional[Unbound::Size] $neg_cache_size,
+ Boolean $unblock_lan_zones,
+ Boolean $insecure_lan_zones, # version 1.5.8
+ Optional[Unbound::Local_zone] $local_zone,
+ Optional[Array[String]] $local_data,
+ Optional[Array[String]] $local_data_ptr,
+ Optional[Hash[String, Array[String]]] $local_zone_tag, # version 1.5.10
+ Optional[Hash[String, Unbound::Local_zone_override]] $local_zone_override, # version 1.5.10
+ Optional[Integer[0]] $ratelimit,
+ Optional[Unbound::Size] $ratelimit_size,
+ Optional[Integer[0]] $ratelimit_slabs,
+ Optional[Integer[0]] $ratelimit_factor,
+ Optional[Hash[String,Integer[0]]] $ratelimit_for_domain,
+ Optional[Hash[String,Integer[0]]] $ratelimit_below_domain,
+ Optional[Integer[0]] $ip_ratelimit, # version 1.6.1
+ Optional[Unbound::Size] $ip_ratelimit_size, # version 1.6.1
+ Optional[Integer[0]] $ip_ratelimit_slabs, # version 1.6.1
+ Optional[Integer[0]] $ip_ratelimit_factor,
+ Optional[Integer[0,1000]] $fast_server_permil, # version 1.8.2
+ Optional[Integer[1]] $fast_server_num, # version 1.8.2
+ Hash $forward,
+ Hash $stub,
+ Hash $record,
+ Array $access,
+ String $anchor_fetch_command,
+ String $conf_d,
+ String $confdir,
+ String $config_file,
+ Boolean $control_enable,
+ String $control_setup_path,
+ String $control_path,
+ String $fetch_client,
+ String $group,
+ String $keys_d,
+ Optional[Array[Unbound::Module]] $module_config,
+ String $owner,
+ String $package_name,
+ Optional[String] $package_provider,
+ String $package_ensure,
+ Boolean $purge_unbound_conf_d,
+ String $root_hints_url,
+ Stdlib::Absolutepath $runtime_dir,
+ String $service_name,
+ Boolean $service_hasstatus,
+ Enum['running', 'stopped'] $service_ensure,
+ Boolean $service_enable,
+ String $validate_cmd,
+ String $restart_cmd,
+ Array[String] $custom_server_conf,
+ Boolean $skip_roothints_download,
+ Optional[Stdlib::Absolutepath] $python_script,
+ Optional[String] $dns64_prefix,
+ Boolean $dns64_synthall,
+ Optional[Array[String]] $send_client_subnet,
+ Optional[Array[String]] $client_subnet_zone,
+ Boolean $client_subnet_always_forward,
+ Integer[0,128] $max_client_subnet_ipv6,
+ Integer[0,32] $max_client_subnet_ipv4,
+ Optional[Integer[0,128]] $min_client_subnet_ipv6, # version 1.8.2
+ Optional[Integer[0,32]] $min_client_subnet_ipv4, # version 1.8.2
+ Optional[Integer[0]] $max_ecs_tree_size_ipv4, # version 1.8.2
+ Optional[Integer[0]] $max_ecs_tree_size_ipv6, # version 1.8.2
+ Boolean $ipsecmod_enabled,
+ Optional[Stdlib::Absolutepath] $ipsecmod_hook,
+ Boolean $ipsecmod_strict,
+ Integer[1] $ipsecmod_max_ttl,
+ Boolean $ipsecmod_ignore_bogus,
+ Optional[Array[String]] $ipsecmod_whitelist,
+ Optional[String] $backend,
+ String $secret_seed,
+ String $redis_server_host,
+ Integer[1,65536] $redis_server_port,
+ Integer[1] $redis_timeout,
+ Stdlib::Absolutepath $unbound_conf_d,
+ Variant[Enum['builtin'], Stdlib::Absolutepath] $hints_file = "${confdir}/root.hints",
+ Optional[String[1]] $hints_file_content = undef,
) {
$_base_dirs = [$confdir, $conf_d, $keys_d, $runtime_dir]
$_piddir = if $pidfile { dirname($pidfile) } else { undef }
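Review bot: The command-valued parameters lose their non-empty constraint in this hunk: `$anchor_fetch_command`, `$fetch_client`, `$validate_cmd`, `$restart_cmd`, `$control_path` and `$control_setup_path` go from `String[1]` to plain `String`, so an empty Hiera value now passes type checking. These values presumably end up in exec, file or service resources elsewhere in the class, where an empty command would only fail at apply time instead of being rejected at compile time. With the in-code defaults removed, the declared type is the only guard left on data coming from Hiera, so I would keep `String[1] $validate_cmd,` and the same for the other five. The element types that went from `Array[String[1]]` to `Optional[Array[String]]`, for example `$interface` and `$private_address`, have the same problem, since an empty element would be written into the generated configuration. The class body continues past the end of the hunk, so how each value is consumed is not visible here.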