Zack Williams | 99adf6b | 2016-03-14 17:01:08 -0700 | [diff] [blame] | 1 | # unbound.conf (configured by Ansible) |
| | # Resolver that listens on the address part of every unbound_interfaces entry and answers clients in those networks. |
| | # When nsd_zones is defined, queries for those zones are sent to nsd through stub zones. |
| 2 | |
| 3 | server: |
| 4 | {% for cidr_ipv4 in unbound_interfaces %} |
| 5 | interface: {{ cidr_ipv4 | ipaddr('address') }} |
| 6 | {% endfor %} |
| 7 | verbosity: 1 |
| 8 | port: 53 |
| 9 | do-ip4: yes |
| 10 | do-udp: yes |
| 11 | do-tcp: yes |
| 12 | |
| 13 | # allow queries from loopback clients |
| | # NOTE(review): 127.0.0.0/24 covers only part of the 127.0.0.0/8 loopback block; confirm the narrower prefix is intended |
| 14 | access-control: 127.0.0.0/24 allow |
| 15 | |
| 16 | # allow queries from every network listed in unbound_interfaces (the full entry, presumably an address/prefix CIDR, not only the listening address) |
| | # NOTE(review): keep unbound_interfaces limited to internal ranges; an allow entry for a publicly reachable range makes this an open resolver |
| 17 | {% for cidr_ipv4 in unbound_interfaces %} |
Zack Williams | ef434f8 | 2016-04-07 17:15:39 -0700 | [diff] [blame] | 18 | access-control: {{ cidr_ipv4 }} allow |
Zack Williams | 99adf6b | 2016-03-14 17:01:08 -0700 | [diff] [blame] | 19 | {% endfor %} |
| 20 | |
| 21 | {% if nsd_zones is defined %} |
| 22 | # allow unbound to query localhost, where nsd is listening (unbound does not send queries to localhost addresses by default) |
| 23 | do-not-query-localhost: no |
| 24 | |
| 25 | # allow reverse queries for RFC1918 addresses: nodefault turns off unbound's default contents for each reverse zone so lookups reach the stub zones below |
| 26 | {% for zone in nsd_zones %} |
| 27 | local-zone: "{{ zone.name_reverse_unbound }}." nodefault |
| 28 | {% endfor %} |
| 29 | |
| 30 | # stub zones for the forward and reverse zones that nsd is serving; stub-addr falls back to 127.0.0.1 when nsd_ip is not set |
| 31 | {% for zone in nsd_zones %} |
| 32 | stub-zone: |
| 33 | name: "{{ zone.name }}" |
| 34 | stub-addr: {{ nsd_ip | default("127.0.0.1") }} |
| 35 | |
| 36 | stub-zone: |
| 37 | name: "{{ zone.name_reverse_unbound }}." |
| 38 | stub-addr: {{ nsd_ip | default("127.0.0.1") }} |
| 39 | |
| 40 | {% endfor %} |
| 41 | {% endif %} |
| 42 | |