rlm_unbound(5)                 FreeRADIUS Module                rlm_unbound(5)

NAME

       rlm_unbound - FreeRADIUS Module

DESCRIPTION

       Each instance of rlm_unbound provides an embedded DNS client for
       performing DNS lookups.  Each instance may be configured separately to
       query different DNS horizons, change DNSSEC options, etc.

       The module is primarily intended for use by other modules through
       internal APIs, so instances should be initialized before the modules
       that use them.  Each instance also provides some xlat functions for
       general use and for troubleshooting.

       Each instance of rlm_unbound may take the following parameters:

       filename
              This file must exist and must point to a valid libunbound
              configuration file.  The default is
              ${raddbdir}/mods-config/unbound/default.conf.

       timeout
              While libunbound provides an asynchronous API for internal use,
              any xlat is executed synchronously from the perspective of
              unlang.  This value limits the amount of time a request will
              wait for DNS to respond, after which the xlat will fail.  The
              default is 3000 milliseconds.  This setting is independent of
              any libunbound configuration values.

       resolvconf
              Full path of a resolv.conf file to load resolver details from.
              If this is not set then libunbound will query root DNS servers.

       hosts  Full path of a hosts file to load.  This provides a mechanism
              for local overrides of names which would otherwise not resolve,
              or which need different results from those a DNS resolution
              would provide.

       An instance named, for example, "dns" will provide the following xlat
       functions:

       %{dns-a:<owner>}
              Performs an A lookup for the owner name, returning a stringified
              IPv4 address.  Only the first A record in the RRSET will be
              returned.

       %{dns-aaaa:<owner>}
              Performs an AAAA lookup for the owner name, returning a
              stringified IPv6 address.  Only the first AAAA record in the
              RRSET will be returned.

       %{dns-ptr:<owner>}
              Performs a PTR lookup for the owner.
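
       The parameters and xlat names above, combined in an added example that
       is not part of the original manual page: two instances for separate DNS
       horizons, then an A lookup from unlang.  The instance name
       dns_internal, its file paths, the host name and the use of Tmp-String-0
       are assumptions; the name dns_internal-a assumes the xlat prefix
       follows the instance name, as the "dns" case above suggests.

```conf
# Added example, not from the FreeRADIUS distribution.  The instance name
# "dns_internal", every path below and the host name are constructed.

# Public horizon: resolvconf is not set, so libunbound queries the root
# DNS servers itself.
unbound dns {
	filename = "${raddbdir}/mods-config/unbound/default.conf"
	timeout = 3000
}

# Internal horizon: resolvers come from a dedicated resolv.conf, and a
# hosts file supplies local overrides for names that must not be taken
# from DNS.  A request waits at most 1000 ms before the xlat fails.
unbound dns_internal {
	filename = "${raddbdir}/mods-config/unbound/internal.conf"
	resolvconf = "${raddbdir}/mods-config/unbound/internal-resolv.conf"
	hosts = "${raddbdir}/mods-config/unbound/internal-hosts"
	timeout = 1000
}

# unlang, inside a virtual server.  The owner name is a fixed string from
# the configuration, not an attribute taken from the request.  Only the
# first A record of the RRSET is returned.
authorize {
	update control {
		&Tmp-String-0 := "%{dns_internal-a:ldap.corp.example}"
	}
}
```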

CAVEATS

       Logging from rlm_unbound can be problematic, especially if more than
       one instantiation of the module is used.  This is due to the need for
       additional features in the underlying libunbound, which hopefully will
       be enhanced over time.

       There is a potential for a FreeRADIUS server using rlm_unbound to
       either fail to terminate cleanly (leaving zombie processes, failing to
       clean up other modules, and hanging after a SIGTERM until a SIGKILL is
       sent) or to fail valgrind checks during termination when run with -m.
       Likewise, this problem relies on upstream enhancements before it can be
       fixed, and the exact behavior may change in interim releases until
       then.

       The logging behavior of rlm_unbound may vary depending on whether
       FreeRADIUS is compiled with support for threads.

FILES

       /etc/raddb/modules-available/rlm_unbound
       /etc/raddb/modules-config/unbound/

SEE ALSO

       radiusd(8), radiusd.conf(5), libunbound(3), unbound.conf(5)

AUTHOR

       Brian S. Julin, bjulin@clarku.edu

                                  8 July 2013                   rlm_unbound(5)