added roles for NSD and Unbound dns servers
diff --git a/roles/dns-unbound/templates/unbound.conf.j2 b/roles/dns-unbound/templates/unbound.conf.j2
new file mode 100644
index 0000000..1583028
--- /dev/null
+++ b/roles/dns-unbound/templates/unbound.conf.j2
@@ -0,0 +1,42 @@
+# unbound.conf (configured by Ansible)
+
+server:
+ {% for cidr_ipv4 in unbound_interfaces %}
+ interface: {{ cidr_ipv4 | ipaddr('address') }}
+ {% endfor %}
+ verbosity: 1
+ port: 53
+ do-ip4: yes
+ do-udp: yes
+ do-tcp: yes
+
+ # allow from localhost
+ access-control: 127.0.0.0/24 allow
+
+ # allow from local networks
+ {% for cidr_ipv4 in unbound_interfaces %}
+ access-control: {{ cidr_ipv4 | ipaddr('network') }}/28 allow
+ {% endfor %}
+
+{% if nsd_zones is defined %}
+# allow unbound to query localhost, where nsd is listening
+do-not-query-localhost: no
+
+# allow reverse queries for RFC1918 addresses
+{% for zone in nsd_zones %}
+local-zone: "{{ zone.name_reverse_unbound }}." nodefault
+{% endfor %}
+
+# stub-zones zones that nsd is serving
+{% for zone in nsd_zones %}
+stub-zone:
+ name: "{{ zone.name }}"
+ stub-addr: {{ nsd_ip | default("127.0.0.1") }}
+
+stub-zone:
+ name: "{{ zone.name_reverse_unbound }}."
+ stub-addr: {{ nsd_ip | default("127.0.0.1") }}
+
+{% endfor %}
+{% endif %}
+