libunbound for Prosody

This is a drop-in replacement for Prosody's internal DNS library.

Why use it

This module can be used with mod_s2s_auth_dane to support secure delegation and DANE.

DNS commands in the Prosody telnet console will also show DNSSEC status.

Downloading

TBD pending repository split.

Dependencies

luaunbound can be installed using LuaRocks:

luarocks install luaunbound

Alternatively, if LuaJIT is used, an FFI version can be installed:

luarocks install luaunbound-ffi

Building

./squish.sh > use_unbound.lua

Installation

  1. Put use_unbound.lua in /etc/prosody or where your prosody.cfg.lua lives.

  2. In the global section of your prosody.cfg.lua, add the following:

    RunScript "use_unbound.lua"

  3. Then start Prosody.
  4. If you have debug logging enabled, you should see logs from ‘unbound’ about lookups performed.

Configuration

The defaults should be sane, but should you wish to override them you can set options like this:

unbound = {
  resolvconf = "/etc/resolv.conf";
  trustfile = "/usr/share/dns/root.ds";
}

See the luaunbound documentation for more info.

Modules

net.unbound
API-compatible with Prosody's net.adns DNS library.
util.dns
DNS parsing library.

util.dns API

The most interesting part of util.dns is probably the RR parsers, available in the parsers table on the module. For example, to parse an A record, dns.parsers.A(data) returns a formatted IPv4 address. Parsers return either a string for simple types or a table for more complicated types, such as SOA, MX or SRV.
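To illustrate the string-versus-table split described above, here is a stand-alone sketch of what an A parser and an SRV parser do with raw RDATA. It is an added example, not code from util.dns: the names parse_A, parse_SRV and read_name and the returned field names are hypothetical, and it assumes domain names in the RDATA are uncompressed.

```lua
-- Added illustration; not util.dns source. All function names are hypothetical.

-- Simple type: 4 bytes of RDATA become a dotted-quad string.
local function parse_A(rdata)
  if #rdata ~= 4 then return nil, "A rdata must be exactly 4 bytes" end
  return string.format("%d.%d.%d.%d", rdata:byte(1, 4))
end

-- Read an uncompressed domain name starting at pos.
-- Returns the name and the position just past its terminating zero byte.
local function read_name(rdata, pos)
  local labels = {}
  while true do
    local len = rdata:byte(pos)
    if not len then return nil, "truncated name" end
    if len == 0 then break end
    if len > 63 then return nil, "compressed or invalid label" end
    if pos + len > #rdata then return nil, "label overruns rdata" end
    local label = rdata:sub(pos + 1, pos + len)
    -- Reject bytes (dots, control characters) that would make the text form ambiguous.
    if label:find("[^%w%-_]") then return nil, "unexpected byte in label" end
    labels[#labels + 1] = label
    pos = pos + 1 + len
  end
  return table.concat(labels, ".") .. ".", pos + 1
end

-- Complex type: three 16-bit big-endian integers plus a target name become a table.
local function parse_SRV(rdata)
  if #rdata < 7 then return nil, "SRV rdata too short" end
  local b1, b2, b3, b4, b5, b6 = rdata:byte(1, 6)
  local target, next_pos = read_name(rdata, 7)
  if not target then return nil, next_pos end
  if next_pos ~= #rdata + 1 then return nil, "trailing bytes after target" end
  return {
    priority = b1 * 256 + b2;
    weight = b3 * 256 + b4;
    port = b5 * 256 + b6;
    target = target;
  }
end

-- Constructed sample RDATA (not captured from a real zone).
local a = string.char(192, 0, 2, 10)
local srv = string.char(0, 5, 0, 0, 0x14, 0x95) .. "\4xmpp\7example\3com\0"

print(parse_A(a))
local rr = assert(parse_SRV(srv))
print(rr.priority, rr.weight, rr.port, rr.target)
print(parse_SRV(srv:sub(1, -3))) -- truncated input is rejected, not guessed at
```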