full-dns/templates/unbound.conf.j2

41 lines
894 B
Django/Jinja

# handled by ansible
server:
verbosity: {{ dns_server.verbosity }}
do-not-query-localhost: no
directory: "/etc/unbound"
username: unbound
pidfile: "/run/unbound.pid"
{% if server.public_ip is defined %}
do-ip4: yes
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
{% else %}
do-ip4: no
{% endif -%}
{% if server.public_ip6 is defined and not full_dns_ipv6_disabled %}
do-ip6: yes
interface: ::0
access-control: ::0/0 allow_snoop
{% else %}
do-ip6: no
{% endif -%}
{% if server.verbosity is defined -%}
verbosity: {{ server.verbosity }}
{% endif -%}
tls-win-cert: yes
{% for zone in zones -%}
auth-zone:
name: {{ zone.name }}.
master: {{ server.nsd_addr }}@{{ server.nsd_port }}
{% endfor %}
forward-zone:
name: "."
forward-host: dns.google#853
forward-tls-upstream: yes
# vim: set syntax=yaml et sw=0 ts=2 sts=0: