Add forward zones config
Change-Id: Ic42b37e1373d057b1559de321dd7ab9211defe06
diff --git a/README.md b/README.md
index 6a86ad7..1e8d982 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,22 @@
Minimum ansible version: 2.9.5
-## Defaults
+## Configuration
+
+
+
+If you're using a network that already has DNS servers, or you want to use
+specific DNS servers external to the network you can specify the zones they
+forward for using `unbound_forward_zones`, and supplying which DNS zones you
+want to use. `.` as the zone name means the global zone.
+
+```
+unbound_forward_zones:
+ - name: "."
+ servers:
+ - "8.8.8.8"
+ - "8.8.4.4"
+```
## Example Playbook
diff --git a/defaults/main.yml b/defaults/main.yml
index 5ab724c..bf988ec 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -17,5 +17,8 @@
# IP of authoritative nameserver that serves stub zones
unbound_authoritative_server_ip: "127.0.0.1"
+# Forwarders
+unbound_forward_zones: []
+
# DNS zones
dns_zones: {}
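Review bot: The `# Forwarders` comment above `unbound_forward_zones: []` does not tell a reader what an entry looks like or what a root entry does, and this file is where most users look for the variable's contract. I would expand it to something like `# Forward zones: list of {name: <zone>, servers: [<address>, ...]}` followed by `# A zone named "." forwards all names not handled by a more specific zone`. The empty list default itself looks right, since the template only emits forward-zone blocks when the list is non-empty.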
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 4da1cc0..435ea97 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -37,5 +37,9 @@
lpr: printer.example.com.
srv: {}
txt: {}
+ unbound_forward_zones:
+ - name: "."
+ servers:
+ - "8.8.8.8"
verifier:
name: ansible
diff --git a/templates/unbound.conf.j2 b/templates/unbound.conf.j2
index a1b9be7..dd23b95 100644
--- a/templates/unbound.conf.j2
+++ b/templates/unbound.conf.j2
@@ -89,3 +89,13 @@
{% endfor %}
{% endif %}
+{% if unbound_forward_zones %}
+{% for fz in unbound_forward_zones %}
+forward-zone:
+ name: "{{ fz.name | default('.') }}"
+{% for fza in fz.servers %}
+ forward-addr: {{ fza }}
+{% endfor %}
+{% endfor %}
+
+{% endif %}
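Review bot: The `default('.')` on the `name:` line fails open. An entry whose `name` key is missing or misspelled renders as a forward for the root zone, so the resolver would send every query it does not answer locally to that entry's servers. For a setting that decides where all DNS traffic goes, I would render `name: "{{ fz.name }}"` so that a malformed entry stops the play at template time (with Ansible's default undefined-variable handling) instead of silently widening the forward. Separately, `fz.name` and each `fza` are written into unbound.conf exactly as supplied, so a value containing a newline would add extra config lines. If this variable can come from inventory sources that are less trusted than the role itself, a check of each entry's shape before templating is worth adding.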