rlm_unbound(5) | FreeRADIUS Module | rlm_unbound(5) |
rlm_unbound - FreeRADIUS Module
Each instance of rlm_unbound provides an embedded DNS client for performing DNS lookups. Each instance may be configured separately to query different DNS horizons, change DNSSEC options, etc.
The module is primarily intended for use by other modules through internal APIs, and so, instances should be initialized earlier than those modules which use them. Each instance does also provide some xlat functionalities for general use and for troubleshooting.
Each instance of rlm_unbound may take the following parameters:
An instance named, for example, "dns" will provide the following xlat functionalities:
Logging from rlm_unbound can be problematic, especialy if more than one instantiation of the module is used. This is due to the need for additional features in the underlying libunbound which hopefully will be enhanced over time.
There is a potential for a FreeRADIUS server using rlm_unbound to either fail to terminate cleanly (leaving zombie processes, failing to clean up other modules, and hanging after a SIGTERM until a SIGKILL is sent) or to fail valgrind checks during termination when run with -m. Likewise this problem will rely on upstream enhancements before it can be fixed, and the exact behavior may change in interim releases until then.
The logging behavior of rlm_unbound may vary depending on whether FreeRADIUS is compiled with support for threads.
/etc/freeradius/3.0/modules-available/rlm_unbound /etc/freeradius/3.0/modules-config/unbound/
radiusd(8), radiusd.conf(5) libunbound(3) unbound.conf(5)
Brian S. Julin, bjulin@clarku.edu
8 July 2013 |