other places where bridge name was used
diff --git a/roles/dns-unbound/templates/unbound.conf.j2 b/roles/dns-unbound/templates/unbound.conf.j2
index 2e1c89f..ff5ccbd 100644
--- a/roles/dns-unbound/templates/unbound.conf.j2
+++ b/roles/dns-unbound/templates/unbound.conf.j2
@@ -1,9 +1,14 @@
# unbound.conf (configured by Ansible)
server:
- {% for cidr_ipv4 in unbound_interfaces %}
+{% if unbound_listen_on_default %}
+ interface: {{ ansible_default_ipv4.address }}
+{% endif %}
+{% if unbound_interfaces is defined %}
+{% for cidr_ipv4 in unbound_interfaces %}
interface: {{ cidr_ipv4 | ipaddr('address') }}
- {% endfor %}
+{% endfor %}
+{% endif %}
verbosity: 1
port: 53
do-ip4: yes
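Review bot: The new `{% if unbound_listen_on_default %}` test at the top of the `server:` block has no `is defined` guard or default, unlike `unbound_interfaces` a few lines below. A play that does not set the variable will likely fail at template time unless the role's defaults (not visible here) define it; `{% if unbound_listen_on_default | default(false) %}` keeps the feature opt-in. The same unguarded test appears in the second hunk, where it also adds an `access-control ... allow` entry for the whole subnet of the default-route interface. On a host whose default interface faces an untrusted network, the resolver would then answer recursive queries from every address in that subnet, so the variable deserves a comment such as `# binds to the default-route address and allows recursion from its whole subnet; leave false on internet-facing hosts`. `ansible_default_ipv4.address` is also only available when facts were gathered and a default route exists, which the template does not check.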
@@ -13,10 +18,17 @@
# allow from localhost
access-control: 127.0.0.0/24 allow
+{% if unbound_listen_on_default %}
+ # allow from default interfaces
+ access-control: {{ ansible_default_ipv4.address }}/{{ (ansible_default_ipv4.address ~ "/" ~ ansible_default_ipv4.netmask) | ipaddr('prefix') }} allow
+{% endif %}
+
+{% if unbound_interfaces is defined %}
# allow from local networks
- {% for cidr_ipv4 in unbound_interfaces %}
+{% for cidr_ipv4 in unbound_interfaces %}
access-control: {{ cidr_ipv4 }} allow
- {% endfor %}
+{% endfor %}
+{% endif %}
{% if nsd_zones is defined %}
# allow unbound to query localhost, where nsd is listening