full-dns/templates/unbound.conf.j2

# handled by ansible

server:
  verbosity: {{ dns_server.verbosity }}
  do-not-query-localhost: no
  directory: "/etc/unbound"
  username: unbound
  pidfile: "/run/unbound.pid"
  {% if server.public_ip is defined %}
  do-ip4: yes
  interface: 0.0.0.0
  access-control: 0.0.0.0/0 allow
  {% else %}
  do-ip4: no
  {% endif -%}
  {% if server.public_ip6 is defined and not full_dns_ipv6_disabled %}
  do-ip6: yes
  interface: ::0
  access-control: ::0/0 allow_snoop
  {% else %}
  do-ip6: no
  {% endif -%}
  {% if server.verbosity is defined -%}
  verbosity: {{ server.verbosity }}
  {% endif -%}
  tls-win-cert: yes

  {% for zone in zones -%}
  auth-zone:
    name: {{ zone.name }}.
    master: {{ server.nsd_addr }}@{{ server.nsd_port }}
  {% endfor %}

  forward-zone:
    name: "."
    forward-host: dns.google#853
    forward-tls-upstream: yes


# vim: set syntax=yaml et sw=0 ts=2 sts=0:
Init 2020-08-03 19:25:51 +02:00			`# handled by ansible`

			`server:`
			`verbosity: {{ dns_server.verbosity }}`
			`do-not-query-localhost: no`
			`directory: "/etc/unbound"`
			`username: unbound`
			`pidfile: "/run/unbound.pid"`
Update configuration and logic. Support ipv6. Now ipv6 is supported using `public_ipv6` in the `server` block and refactoring the configuration logic. Also fix unbound configuration to allow recursive queries from resolvers. 2020-08-19 18:47:56 +02:00			`{% if server.public_ip is defined %}`
			`do-ip4: yes`
			`interface: 0.0.0.0`
Only recurse 2020-08-31 16:19:50 +02:00			`access-control: 0.0.0.0/0 allow`
Update configuration and logic. Support ipv6. Now ipv6 is supported using `public_ipv6` in the `server` block and refactoring the configuration logic. Also fix unbound configuration to allow recursive queries from resolvers. 2020-08-19 18:47:56 +02:00			`{% else %}`
			`do-ip4: no`
			`{% endif -%}`
Disable ipv6 by default 2022-03-11 11:43:32 +01:00			`{% if server.public_ip6 is defined and not full_dns_ipv6_disabled %}`
Update configuration and logic. Support ipv6. Now ipv6 is supported using `public_ipv6` in the `server` block and refactoring the configuration logic. Also fix unbound configuration to allow recursive queries from resolvers. 2020-08-19 18:47:56 +02:00			`do-ip6: yes`
			`interface: ::0`
			`access-control: ::0/0 allow_snoop`
			`{% else %}`
			`do-ip6: no`
			`{% endif -%}`
Init 2020-08-03 19:25:51 +02:00			`{% if server.verbosity is defined -%}`
			`verbosity: {{ server.verbosity }}`
			`{% endif -%}`
Properly configure unbound to reply authoritatively 2020-08-31 16:19:26 +02:00			`tls-win-cert: yes`
Init 2020-08-03 19:25:51 +02:00
			`{% for zone in zones -%}`
Properly configure unbound to reply authoritatively 2020-08-31 16:19:26 +02:00			`auth-zone:`
Init 2020-08-03 19:25:51 +02:00			`name: {{ zone.name }}.`
Properly configure unbound to reply authoritatively 2020-08-31 16:19:26 +02:00			`master: {{ server.nsd_addr }}@{{ server.nsd_port }}`
Init 2020-08-03 19:25:51 +02:00			`{% endfor %}`
Update configuration and logic. Support ipv6. Now ipv6 is supported using `public_ipv6` in the `server` block and refactoring the configuration logic. Also fix unbound configuration to allow recursive queries from resolvers. 2020-08-19 18:47:56 +02:00
Forward to google resolver 2020-11-04 01:11:31 +01:00			`forward-zone:`
			`name: "."`
			`forward-host: dns.google#853`
			`forward-tls-upstream: yes`


Update configuration and logic. Support ipv6. Now ipv6 is supported using `public_ipv6` in the `server` block and refactoring the configuration logic. Also fix unbound configuration to allow recursive queries from resolvers. 2020-08-19 18:47:56 +02:00			`# vim: set syntax=yaml et sw=0 ts=2 sts=0:`