Unbound Recursive DNS Server
Minimum ansible version: 2.9.5
By default unbound will listen on 127.0.0.1:53, which conflicts with NSD if both run on the same system. If you wish to run this role on the same host as NSD, you must set either unbound_listen_default (listen on the IPv4 address of the Ansible default interface) or unbound_listen_ips (a list of IP addresses to listen on; each address must already be configured on an interface, or unbound will not start).
By default, unbound will only allow queries from the local machine (127.0.0.0/24). To allow other IP ranges to connect, set either unbound_allow_all (allows all IPs; not recommended unless on a trusted network) or unbound_allow_ips (a list of IP addresses with CIDR mask) to allow queries from.
Both the dns_forward_zones and dns_reverse_zones structures are used to determine the stub-zone configuration. Previous versions of this role allowed IP addresses from the dns_forward_zones or dns_zones structures to be used to determine the allowed and listening IP addresses. This is no longer supported.
If you're using a network that already has DNS servers, or you want to use specific DNS servers external to the network, you can specify the zones they forward for using unbound_forward_zones, supplying the DNS zones you want to use. A zone name of "." means the global zone (the DNS root).
```yaml
unbound_forward_zones:
  - name: "."
    servers:
      - "8.8.8.8"
      - "8.8.4.4"
```
Also set unbound_reverse_zones if you want to allow lookups against other RFC 1918 IP ranges; by default Unbound will reply with NXDOMAIN for reverse lookups of addresses in those ranges.
```yaml
- hosts: all
  roles:
    - unbound
```
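A fuller playbook that combines the variables described above, added here as an example (it is not from the role's own README). The variable names unbound_listen_ips, unbound_allow_ips and unbound_forward_zones are the ones documented above; the `resolvers` host group, the addresses and the network range are constructed sample values, and the pre_task uses the standard ansible_all_ipv4_addresses fact to confirm each listen address is already configured before the role runs.

```yaml
# Added example playbook (not part of the role's own documentation).
# Variable names come from the README above; the host group, IP addresses
# and network range are constructed sample values.
- hosts: resolvers
  become: true
  vars:
    # Bind to one internal address instead of the default 127.0.0.1:53
    # so NSD can keep the loopback address on the same host.
    unbound_listen_ips:
      - "10.0.1.10"
    # Only the internal LAN and the host itself may query. unbound_allow_all
    # is left unset, so the resolver is not exposed as an open resolver.
    unbound_allow_ips:
      - "10.0.1.0/24"
      - "127.0.0.0/24"
    # Forward everything not served locally to the upstream resolvers;
    # "." is the global zone.
    unbound_forward_zones:
      - name: "."
        servers:
          - "8.8.8.8"
          - "8.8.4.4"
  pre_tasks:
    # Listen addresses must already be plumbed or unbound will not start.
    # Fail before the role rewrites the configuration if one is missing.
    - name: Check that every listen address is configured on this host
      ansible.builtin.assert:
        that:
          - item in ansible_all_ipv4_addresses
        fail_msg: "{{ item }} is not configured on any interface of this host"
      loop: "{{ unbound_listen_ips }}"
  roles:
    - unbound
```

Run it with `ansible-playbook -i inventory unbound.yml`; a host whose interfaces lack 10.0.1.10 fails in the pre_task with a clear message rather than leaving a half-written config and a service that refuses to start.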
© 2020 Open Networking Foundation support@opennetworking.org
License: Apache-2.0