unbound_user: unbound unbound_group: unbound unbound_conf_dir: /etc/unbound unbound_conf_file: "{{ unbound_conf_dir }}/unbound.conf" unbound_hints_file: "{{ unbound_conf_dir }}/root.hints" unbound_string_parameters: - username - private-domain - domain-insecure - module-config unbound_default_config: server: verbosity: 1 num-threads: 2 interface: - "0.0.0.0" - "::0" do-ip6: no outgoing-port-avoid: 0-1024 incoming-num-tcp: 8 outgoing-num-tcp: 8 so-reuseport: yes edns-tcp-keepalive: yes edns-tcp-keepalive-timeout: 120000 access-control: "0.0.0.0/0 allow" chroot: "" username: "{{ unbound_user }}" use-syslog: yes log-tag-queryreply: no log-servfail: no log-queries: no root-hints: "{{ unbound_hints_file }}" hide-identity: yes hide-version: yes module-config: "validator iterator" private-address: - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - "169.254.0.0/16" - "fd00::/8" - "fe80::/10" private-domain: "{{ int_tld }}" domain-insecure: "{{ int_tld }}" trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key" unblock-lan-zones: yes insecure-lan-zones: yes local-zone: - '"localhost." nodefault' - '"127.in-addr.arpa." nodefault' - '"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault' - '"onion." nodefault' - '"test." nodefault' - '"invalid." nodefault' - '"10.in-addr.arpa." nodefault' - '"16.172.in-addr.arpa." nodefault' - '"17.172.in-addr.arpa." nodefault' - '"18.172.in-addr.arpa." nodefault' - '"19.172.in-addr.arpa." nodefault' - '"20.172.in-addr.arpa." nodefault' - '"21.172.in-addr.arpa." nodefault' - '"22.172.in-addr.arpa." nodefault' - '"23.172.in-addr.arpa." nodefault' - '"24.172.in-addr.arpa." nodefault' - '"25.172.in-addr.arpa." nodefault' - '"26.172.in-addr.arpa." nodefault' - '"27.172.in-addr.arpa." nodefault' - '"28.172.in-addr.arpa." nodefault' - '"29.172.in-addr.arpa." nodefault' - '"30.172.in-addr.arpa." nodefault' - '"31.172.in-addr.arpa." nodefault' - '"168.192.in-addr.arpa." nodefault' - '"0.in-addr.arpa." nodefault' - '"254.169.in-addr.arpa." nodefault' - '"2.0.192.in-addr.arpa." nodefault' - '"100.51.198.in-addr.arpa." nodefault' - '"113.0.203.in-addr.arpa." nodefault' - '"255.255.255.255.in-addr.arpa." nodefault' - '"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault' - '"d.f.ip6.arpa." nodefault' - '"8.e.f.ip6.arpa." nodefault' - '"9.e.f.ip6.arpa." nodefault' - '"a.e.f.ip6.arpa." nodefault' - '"b.e.f.ip6.arpa." nodefault' - '"8.b.d.0.1.0.0.2.ip6.arpa." nodefault' remote-control: control-enable: no