# unbound.conf (configured by Ansible)
# Jinja2 template for the Unbound resolver configuration.
# Template variables read below:
#   unbound_interfaces  list of IPv4 entries in CIDR form; both the listen
#                       addresses and the client ACL are derived from it
#   nsd_zones           optional; when defined, each zone is handed to nsd
#                       through stub zones
#   nsd_ip              optional nsd address; 127.0.0.1 when undefined
server:
# listen on the address part of every entry in unbound_interfaces
{% for cidr_ipv4 in unbound_interfaces %}
interface: {{ cidr_ipv4 | ipaddr('address') }}
{% endfor %}
verbosity: 1
port: 53
# answer over IPv4 only, on both UDP and TCP
do-ip4: yes
do-udp: yes
do-tcp: yes
# allow from localhost
# (127.0.0.0/24 covers 127.0.0.0-127.0.0.255, not the whole 127.0.0.0/8
# loopback range)
access-control: 127.0.0.0/24 allow
# allow from local networks
# These lines decide which clients may use the resolver. The prefix length is
# fixed at /28 whatever prefix the entry itself carries, so the allowed range
# may not match the interface's own network.
# NOTE(review): confirm every entry in unbound_interfaces is a /28.
{% for cidr_ipv4 in unbound_interfaces %}
access-control: {{ cidr_ipv4 | ipaddr('network') }}/28 allow
{% endfor %}
{% if nsd_zones is defined %}
# allow unbound to query localhost, where nsd is listening
do-not-query-localhost: no
# allow reverse queries for RFC1918 addresses
# (nodefault turns off Unbound's built-in default content for these reverse
# zones, so the lookups can reach the stub zones declared below)
{% for zone in nsd_zones %}
local-zone: "{{ zone.name_reverse_unbound }}." nodefault
{% endfor %}
# stub zones for the zones that nsd is serving: one for each forward zone and
# one for its reverse zone, both pointing at nsd_ip (127.0.0.1 when undefined)
# NOTE(review): stub-addr carries no @port, so port 53 is presumably used -
# confirm nsd listens there.
{% for zone in nsd_zones %}
stub-zone:
name: "{{ zone.name }}"
stub-addr: {{ nsd_ip | default("127.0.0.1") }}
stub-zone:
name: "{{ zone.name_reverse_unbound }}."
stub-addr: {{ nsd_ip | default("127.0.0.1") }}
{% endfor %}
{% endif %}