From 4f8e2c9e7a1a82ad09d35121e1d737d6352e3959 Mon Sep 17 00:00:00 2001 From: Blallo Date: Fri, 11 Mar 2022 11:43:32 +0100 Subject: [PATCH] Disable ipv6 by default --- defaults/main.yml | 2 ++ templates/main_zone.conf.j2 | 2 +- templates/nsd.conf.j2 | 6 +++++- templates/unbound.conf.j2 | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 defaults/main.yml diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..20f5425 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,2 @@ +--- +full_dns_ipv6_disabled: true diff --git a/templates/main_zone.conf.j2 b/templates/main_zone.conf.j2 index 8b6f03a..2241801 100644 --- a/templates/main_zone.conf.j2 +++ b/templates/main_zone.conf.j2 @@ -16,7 +16,7 @@ $TTL {{ main_zone.ttl|default(3600) }} MX{% if record.opts is defined %} {{ record.opts }}{% endif %} {{ record.value }} {% endfor %} {{ server.hostname }}. IN A {{ server.public_ip }} -{% if server.public_ip6 is defined -%} +{% if server.public_ip6 is defined and not full_dns_ipv6_disabled -%} {{ server.hostname }}. IN AAAA {{ server.public_ip6 }} {% endif %} {% for satellite in satellites %} diff --git a/templates/nsd.conf.j2 b/templates/nsd.conf.j2 index bfc263c..e5b6ea4 100644 --- a/templates/nsd.conf.j2 +++ b/templates/nsd.conf.j2 @@ -12,7 +12,11 @@ server: {% endif -%} port: {{ server.nsd_port }} do-ip4: {{ 'yes' if server.nsd_addr is defined else 'no' }} - do-ip6: {{ 'yes' if server.nsd_addr6 is defined else 'no' }} + {% if server.nsd_addr6 is defined and not full_dns_ipv6_disabled -%} + do-ip6: yes + {% else -%} + do-ip6: no + {% endif %} hide-version: yes refuse-any: {{ server.refuse_any|default('yes') }} log-only-syslog: yes diff --git a/templates/unbound.conf.j2 b/templates/unbound.conf.j2 index 9ac585c..a16d7ad 100644 --- a/templates/unbound.conf.j2 +++ b/templates/unbound.conf.j2 
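Review bot: The new default `full_dns_ipv6_disabled: true` in defaults/main.yml has no comment, and it changes behaviour for hosts that already define `server.public_ip6` or `server.nsd_addr6`. After this commit their AAAA record is no longer rendered and `do-ip6` is turned off until the variable is overridden. I would add a comment above it such as `# Set to false to publish AAAA records and enable do-ip6 in nsd and unbound (also needs server.public_ip6 / server.nsd_addr6).` and mention the change wherever the role documents its variables.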
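Review bot: `not full_dns_ipv6_disabled` in the new `{% if %}` guard of main_zone.conf.j2 tests Jinja truthiness, so an override passed as a string (for example `-e full_dns_ipv6_disabled=false` or an INI inventory value) arrives as the non-empty string `false` and still counts as true, leaving IPv6 disabled. Casting with the `bool` filter avoids that: `{% if server.public_ip6 is defined and not (full_dns_ipv6_disabled | bool) -%}`. The same condition appears in the nsd.conf.j2 and unbound.conf.j2 hunks and needs the same cast. The `{% for satellite in satellites %}` loop that follows continues outside the hunk; if it also emits AAAA records, they are presumably still published regardless of the flag.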
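Review bot: The five-line `{% if %}`/`{% else %}` block for `do-ip6` in nsd.conf.j2 departs from the inline expression used for `do-ip4` on the line above and relies on `-%}` whitespace trimming to keep the rendered lines aligned. Keeping the one-line form is easier to read and review: `do-ip6: {{ 'yes' if server.nsd_addr6 is defined and not full_dns_ipv6_disabled else 'no' }}`. The hunk starts just after an `{% endif -%}` whose block is not visible. If that block writes an `ip-address:` line for `server.nsd_addr6`, it should be guarded by the same condition so the config does not name an IPv6 address while `do-ip6` is `no`.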
@@ -13,7 +13,7 @@ server: {% else %} do-ip4: no {% endif -%} - {% if server.public_ip6 is defined %} + {% if server.public_ip6 is defined and not full_dns_ipv6_disabled %} do-ip6: yes interface: ::0 access-control: ::0/0 allow_snoop
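Review bot: When the new condition is false this block is skipped, but nothing visible in the hunk writes `do-ip6: no`, and unbound enables `do-ip6` by default, so the resolver may still issue and answer queries over IPv6 with the flag set. The `do-ip4` block just above has an `{% else %}` branch that emits `do-ip4: no`. Unless the IPv6 block already has one past the end of the hunk, add the same: `{% else %}` followed by `do-ip6: no`. The guarded block, which continues outside the hunk, is what opens `interface: ::0` with `access-control: ::0/0 allow_snoop`, so an explicit `do-ip6: no` makes the disabled state unambiguous in the rendered config.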