libunbound for Prosody

This is a drop-in replacement for Prosodys internal DNS library.


These modules have been merged into Prosody and these installation steps will no longer be needed after the 0.12 release.

Why use it

This module can be used with mod_s2s_auth_dane to support secure delegation and for DANE.

DNS commands in the prosody telnet console will also show DNSSEC status.


TBD pending repository split.


luaunbound can be installed using LuaRocks

luarocks install luaunbound

Alternatively, LuaJIT is used, a FFI version can be used:

luarocks install luaunbound-ffi


./ > use_unbound.lua


  1. Put use_unbound.lua in /etc/prosody or where your prosody.cfg.lua lives.

  2. In the global section of your prosody.cfg.lua, add the following:

    RunScript “use_unbound.lua”

  3. Then start Prosody.

  4. If you have debug logging enabled, you should see logs from ‘unbound’ about lookups performed.


The defaults should be sane, but should you wish to override them you can set options like this:

unbound = {
  resolvconf = "/etc/resolv.conf";
  trustfile = "/usr/share/dns/root.ds";

See luaunbound documentation for more info.


API-compatible with prosodys net.adns DNS library.
DNS parsing library.

util.dns API

The most interesting part of util.dns is probably the RR parsers, available in the parsers table on the module. For example, to parse an A record, dns.parsers.A(data) returns a formatted IPv4 address. Parsers return either a string for simple types or a table for more complicated types, such as SOA, MX or SRV.

  • The classes, types, errors and params tables map various DNS parameters to string names.
  • classes and types map integer types to names and vice versa.
  • errors maps the rcode integer to an abbreviated error name, and that name to a friendlier message.
  • Finally, params contain symbolic names for some record types.