opnsense_unbound_forward (Resource)

The Query Forwarding section lets you enter arbitrary nameservers to forward queries to. Queries can be forwarded as plain DNS or over TLS (DoT).

Example Usage

// Query Forward (plain DNS, so the standard DNS port 53)
resource "opnsense_unbound_forward" "query" {
  domain      = "example.lan"
  server_ip   = "192.168.1.2"
  server_port = 53
}

// DoT forward (DNS-over-TLS, so port 853; verify_cn is checked against the server's TLS certificate)
resource "opnsense_unbound_forward" "dot" {
  enabled = false
  type    = "dot"

  domain      = "example.dev"
  server_ip   = "192.168.1.1"
  server_port = 853
  verify_cn   = "example.dev"
}

Schema

Required

  • domain (String) If a domain is entered here, queries for this specific domain will be forwarded to the specified server. Set to "" to forward all queries to the specified server.
  • server_ip (String) IP address of the DNS server to forward all requests to.

Optional

  • enabled (Boolean) Enable this query forward. Defaults to true.
  • server_port (Number) Port of the DNS server. For plain DNS use 53; for DoT use 853. Defaults to 53.
  • verify_cn (String) The Common Name of the DNS server (e.g. dns.example.com). This field is required to verify its TLS certificate. DNS-over-TLS is susceptible to man-in-the-middle attacks unless certificates can be verified. Set to "" to accept self-signed yet also potentially fraudulent certificates. Must be set when type is dot.

Read-Only

  • id (String) UUID of the forward.
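
The verify_cn and server_port notes above can be enforced before apply. The following is an added example, not part of the provider or its documentation: a Python check over the JSON that `terraform show -json` prints for a saved plan, flagging DoT forwards with an empty verify_cn and ports that contradict the guidance above. The function name, finding labels and sample plan are assumptions constructed for illustration.

```python
import json

# Constructed sample: trimmed `terraform show -json` output, not from a real plan.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "opnsense_unbound_forward.query", "type": "opnsense_unbound_forward",
  "change": {"after": {"type": "forward", "domain": "example.lan",
   "server_ip": "192.168.1.2", "server_port": 53, "verify_cn": ""}}},
 {"address": "opnsense_unbound_forward.dot_ok", "type": "opnsense_unbound_forward",
  "change": {"after": {"type": "dot", "domain": "",
   "server_ip": "192.168.1.1", "server_port": 853, "verify_cn": "dns.example.com"}}},
 {"address": "opnsense_unbound_forward.dot_weak", "type": "opnsense_unbound_forward",
  "change": {"after": {"type": "dot", "domain": "example.dev",
   "server_ip": "192.168.1.1", "server_port": 53, "verify_cn": ""}}},
 {"address": "opnsense_unbound_forward.old", "type": "opnsense_unbound_forward",
  "change": {"after": null}},
 {"address": "null_resource.other", "type": "null_resource",
  "change": {"after": {"type": "dot"}}}
]}
""")


def audit_forwards(plan):
    """Return (address, finding) pairs for risky opnsense_unbound_forward settings."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "opnsense_unbound_forward":
            continue
        after = (rc.get("change") or {}).get("after")
        if not after:  # resource is being destroyed, nothing to audit
            continue
        is_dot = after.get("type") == "dot"
        port = after.get("server_port") or 53  # documented default
        cn = (after.get("verify_cn") or "").strip()
        if is_dot and not cn:
            # Empty verify_cn: the upstream certificate is not verified (MITM risk).
            findings.append((rc["address"], "dot-without-verify-cn"))
        if is_dot and port == 53:
            findings.append((rc["address"], "dot-on-port-53"))
        if not is_dot and port == 853:
            findings.append((rc["address"], "plain-dns-on-port-853"))
    return findings


if __name__ == "__main__":
    for address, finding in audit_forwards(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

Run it against `terraform show -json <planfile>` output in CI and fail the pipeline when the returned list is non-empty.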

Import

In Terraform v1.5.0 and later, use an import block to import opnsense_unbound_forward using the id. For example:

import {
  to = opnsense_unbound_forward.example
  id = "<opnsense-resource-id>"
}

Using terraform import, import opnsense_unbound_forward using the id. For example:

% terraform import opnsense_unbound_forward.example <opnsense-resource-id>