📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/roles/unbound/defaults/main.yml

# Unprivileged account and group for the resolver; unbound_user is referenced
# by the `username` option in unbound_default_config.
unbound_user: 'unbound'
unbound_group: 'unbound'

# Configuration directory and the two files derived from it.
unbound_conf_dir: '/etc/unbound'
unbound_conf_file: '{{ unbound_conf_dir }}/unbound.conf'
unbound_hints_file: '{{ unbound_conf_dir }}/root.hints'
# Option names singled out for string handling.
# NOTE(review): presumably the role's template wraps these values in quotes
# when rendering unbound.conf; confirm against the template.
unbound_string_parameters:
  - 'username'
  - 'private-domain'
  - 'domain-insecure'
  - 'module-config'
# Default unbound.conf content, keyed by clause (`server`, `remote-control`).
# Nesting is reconstructed from unbound's clause/option layout because the
# listing this was taken from had lost its indentation.
# `int_tld` is not defined in this file and must be supplied elsewhere.
unbound_default_config:
  server:
    verbosity: 1
    num-threads: 2

    # SECURITY(review): the resolver binds every IPv4 address and, via
    # access-control below, answers recursive queries from any IPv4 source.
    # On a host reachable from untrusted networks that is an open resolver.
    # Override access-control with the client networks actually served, or
    # restrict port 53 at the firewall.
    interface:
      - '0.0.0.0'
      - '::0'
    # NOTE(review): IPv6 is switched off here while '::0' is still listed as
    # a listener above; confirm which of the two is intended.
    do-ip6: false
    # Keep outgoing queries off the privileged port range.
    outgoing-port-avoid: '0-1024'
    incoming-num-tcp: 8
    outgoing-num-tcp: 8
    so-reuseport: true
    edns-tcp-keepalive: true
    # Milliseconds.
    edns-tcp-keepalive-timeout: 120000
    access-control: '0.0.0.0/0 allow'

    # An empty chroot disables chroot; the daemon still drops privileges to
    # `username`.
    chroot: ''
    username: '{{ unbound_user }}'

    # Logging: syslog only; per-query, reply and SERVFAIL logging are off.
    use-syslog: true
    log-tag-queryreply: false
    log-servfail: false
    log-queries: false

    root-hints: '{{ unbound_hints_file }}'
    # Do not answer id.server / version.bind style identity queries.
    hide-identity: true
    hide-version: true
    # DNSSEC validation runs in front of the iterator.
    module-config: 'validator iterator'

    # DNS-rebinding protection: these ranges are stripped from answers for
    # public names. private-domain exempts the internal TLD from that rule.
    private-address:
      - '10.0.0.0/8'
      - '172.16.0.0/12'
      - '192.168.0.0/16'
      - '169.254.0.0/16'
      - 'fd00::/8'
      - 'fe80::/10'
    private-domain: '{{ int_tld }}'
    # DNSSEC validation is turned off for the internal TLD.
    domain-insecure: '{{ int_tld }}'
    # NOTE(review): a static trust-anchor-file is not rolled automatically
    # (unlike auto-trust-anchor-file); the path must exist on the target and
    # be kept current by the package that ships it.
    trust-anchor-file: '/usr/share/dnssec-root/trusted-key.key'

    # The next two options and the `nodefault` entries below lift unbound's
    # built-in handling of private reverse and special-use zones.
    # NOTE(review): unless these zones are served or forwarded internally,
    # lookups for them can leave the network; confirm that is intended.
    unblock-lan-zones: true
    insecure-lan-zones: true
    local-zone:
      - '"localhost." nodefault'
      - '"127.in-addr.arpa." nodefault'
      - '"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault'
      - '"onion." nodefault'
      - '"test." nodefault'
      - '"invalid." nodefault'
      - '"10.in-addr.arpa." nodefault'
      - '"16.172.in-addr.arpa." nodefault'
      - '"17.172.in-addr.arpa." nodefault'
      - '"18.172.in-addr.arpa." nodefault'
      - '"19.172.in-addr.arpa." nodefault'
      - '"20.172.in-addr.arpa." nodefault'
      - '"21.172.in-addr.arpa." nodefault'
      - '"22.172.in-addr.arpa." nodefault'
      - '"23.172.in-addr.arpa." nodefault'
      - '"24.172.in-addr.arpa." nodefault'
      - '"25.172.in-addr.arpa." nodefault'
      - '"26.172.in-addr.arpa." nodefault'
      - '"27.172.in-addr.arpa." nodefault'
      - '"28.172.in-addr.arpa." nodefault'
      - '"29.172.in-addr.arpa." nodefault'
      - '"30.172.in-addr.arpa." nodefault'
      - '"31.172.in-addr.arpa." nodefault'
      - '"168.192.in-addr.arpa." nodefault'
      - '"0.in-addr.arpa." nodefault'
      - '"254.169.in-addr.arpa." nodefault'
      - '"2.0.192.in-addr.arpa." nodefault'
      - '"100.51.198.in-addr.arpa." nodefault'
      - '"113.0.203.in-addr.arpa." nodefault'
      - '"255.255.255.255.in-addr.arpa." nodefault'
      - '"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault'
      - '"d.f.ip6.arpa." nodefault'
      - '"8.e.f.ip6.arpa." nodefault'
      - '"9.e.f.ip6.arpa." nodefault'
      - '"a.e.f.ip6.arpa." nodefault'
      - '"b.e.f.ip6.arpa." nodefault'
      - '"8.b.d.0.1.0.0.2.ip6.arpa." nodefault'

  # The unbound-control management interface stays disabled by default.
  remote-control:
    control-enable: false