Configure unbound forwarders unless we are recursive

diff --git a/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb b/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb
index f084050..04da080 100644 (file)
--- a/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb
+++ b/modules/puppetmaster/lib/puppet/parser/functions/nodeinfo.rb
@@ -32,6 +32,17 @@ module Puppet::Parser::Functions
       end
     end
 
+    if not nodeinfo['hoster']['nameservers'] or nodeinfo['hoster']['nameservers'].empty?
+      # no nameservers known for this hoster
+      results['misc']['resolver-recursive'] = true
+    elsif (nodeinfo['hoster']['nameservers'] & nodeinfo['misc']['v4addrs']).size > 0 or
+          (nodeinfo['hoster']['nameservers'] & nodeinfo['misc']['v6addrs']).size > 0
+      # this host is listed as a nameserver at this location
+      results['misc']['resolver-recursive'] = true
+    else
+      results['misc']['resolver-recursive'] = false
+    end
+
     return(results)
   end
 end

diff --git a/modules/unbound/templates/unbound.conf.erb b/modules/unbound/templates/unbound.conf.erb
index 3561049..ebda9f8 100644 (file)
--- a/modules/unbound/templates/unbound.conf.erb
+++ b/modules/unbound/templates/unbound.conf.erb
@@ -54,7 +54,17 @@ server:
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
 
-#forward-zone:
-#      name: "."
-#      forward-addr: 192.0.2.1
-#      forward-addr: 192.0.2.199
+<%=
+       out = []
+       unless results['misc']['resolver-recursive']
+               forwarders = nodeinfo['hoster']['nameservers']
+               forwarders ||= []
+
+               out << 'forward-zone:'
+               out << '        name: "."'
+               forwarders.each do |ns|
+                       out << "        forward-addr: #{ns}"
+               end
+       end
+       out.join("\n")
+%>