blob: 15830283e2dd52c8936edadefbdb3f66ec297794 [file] [log] [blame]
Zack Williams99adf6b2016-03-14 17:01:08 -07001# unbound.conf (configured by Ansible)
2
3server:
4 {% for cidr_ipv4 in unbound_interfaces %}
5 interface: {{ cidr_ipv4 | ipaddr('address') }}
6 {% endfor %}
7 verbosity: 1
8 port: 53
9 do-ip4: yes
10 do-udp: yes
11 do-tcp: yes
12
13 # allow from localhost
14 access-control: 127.0.0.0/24 allow
15
16 # allow from local networks
17 {% for cidr_ipv4 in unbound_interfaces %}
18 access-control: {{ cidr_ipv4 | ipaddr('network') }}/28 allow
19 {% endfor %}
20
21{% if nsd_zones is defined %}
22# allow unbound to query localhost, where nsd is listening
23do-not-query-localhost: no
24
25# allow reverse queries for RFC1918 addresses
26{% for zone in nsd_zones %}
27local-zone: "{{ zone.name_reverse_unbound }}." nodefault
28{% endfor %}
29
30# stub-zones zones that nsd is serving
31{% for zone in nsd_zones %}
32stub-zone:
33 name: "{{ zone.name }}"
34 stub-addr: {{ nsd_ip | default("127.0.0.1") }}
35
36stub-zone:
37 name: "{{ zone.name_reverse_unbound }}."
38 stub-addr: {{ nsd_ip | default("127.0.0.1") }}
39
40{% endfor %}
41{% endif %}
42