# handled by ansible

server:
  verbosity: {{ dns_server.verbosity }}
  do-not-query-localhost: no
  directory: "/etc/unbound"
  username: unbound
  pidfile: "/run/unbound.pid"
  {% if server.public_ip is defined %}
  do-ip4: yes
  interface: 0.0.0.0
  access-control: 0.0.0.0/0 allow
  {% else %}
  do-ip4: no
  {% endif -%}
  {% if server.public_ip6 is defined and not full_dns_ipv6_disabled %}
  do-ip6: yes
  interface: ::0
  access-control: ::0/0 allow_snoop
  {% else %}
  do-ip6: no
  {% endif -%}
  {% if server.verbosity is defined -%}
  verbosity: {{ server.verbosity }}
  {% endif -%}
  tls-win-cert: yes

  {% for zone in zones -%}
  auth-zone:
    name: {{ zone.name }}.
    master: {{ server.nsd_addr }}@{{ server.nsd_port }}
  {% endfor %}

  forward-zone:
    name: "."
    forward-host: dns.google#853
    forward-tls-upstream: yes


# vim: set syntax=yaml et sw=0 ts=2 sts=0: