You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
99 lines
2.9 KiB
99 lines
2.9 KiB
unbound_user: unbound
|
|
unbound_group: unbound
|
|
unbound_conf_dir: /etc/unbound
|
|
|
|
unbound_conf_file: "{{ unbound_conf_dir }}/unbound.conf"
|
|
unbound_hints_file: "{{ unbound_conf_dir }}/root.hints"
|
|
|
|
unbound_string_parameters:
|
|
- username
|
|
- private-domain
|
|
- domain-insecure
|
|
- module-config
|
|
|
|
unbound_default_config:
|
|
server:
|
|
verbosity: 1
|
|
num-threads: 2
|
|
interface:
|
|
- "0.0.0.0"
|
|
- "::0"
|
|
do-ip6: no
|
|
outgoing-port-avoid: 0-1024
|
|
incoming-num-tcp: 8
|
|
outgoing-num-tcp: 8
|
|
so-reuseport: yes
|
|
edns-tcp-keepalive: yes
|
|
edns-tcp-keepalive-timeout: 120000
|
|
|
|
access-control: "0.0.0.0/0 allow"
|
|
|
|
chroot: ""
|
|
username: "{{ unbound_user }}"
|
|
use-syslog: yes
|
|
log-tag-queryreply: no
|
|
log-servfail: no
|
|
log-queries: no
|
|
root-hints: "{{ unbound_hints_file }}"
|
|
|
|
hide-identity: yes
|
|
hide-version: yes
|
|
module-config: "validator iterator"
|
|
|
|
private-address:
|
|
- "10.0.0.0/8"
|
|
- "172.16.0.0/12"
|
|
- "192.168.0.0/16"
|
|
- "169.254.0.0/16"
|
|
- "fd00::/8"
|
|
- "fe80::/10"
|
|
|
|
private-domain: "{{ int_tld }}"
|
|
domain-insecure: "{{ int_tld }}"
|
|
|
|
trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
|
|
|
|
unblock-lan-zones: yes
|
|
insecure-lan-zones: yes
|
|
|
|
local-zone:
|
|
- '"localhost." nodefault'
|
|
- '"127.in-addr.arpa." nodefault'
|
|
- '"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault'
|
|
- '"onion." nodefault'
|
|
- '"test." nodefault'
|
|
- '"invalid." nodefault'
|
|
- '"10.in-addr.arpa." nodefault'
|
|
- '"16.172.in-addr.arpa." nodefault'
|
|
- '"17.172.in-addr.arpa." nodefault'
|
|
- '"18.172.in-addr.arpa." nodefault'
|
|
- '"19.172.in-addr.arpa." nodefault'
|
|
- '"20.172.in-addr.arpa." nodefault'
|
|
- '"21.172.in-addr.arpa." nodefault'
|
|
- '"22.172.in-addr.arpa." nodefault'
|
|
- '"23.172.in-addr.arpa." nodefault'
|
|
- '"24.172.in-addr.arpa." nodefault'
|
|
- '"25.172.in-addr.arpa." nodefault'
|
|
- '"26.172.in-addr.arpa." nodefault'
|
|
- '"27.172.in-addr.arpa." nodefault'
|
|
- '"28.172.in-addr.arpa." nodefault'
|
|
- '"29.172.in-addr.arpa." nodefault'
|
|
- '"30.172.in-addr.arpa." nodefault'
|
|
- '"31.172.in-addr.arpa." nodefault'
|
|
- '"168.192.in-addr.arpa." nodefault'
|
|
- '"0.in-addr.arpa." nodefault'
|
|
- '"254.169.in-addr.arpa." nodefault'
|
|
- '"2.0.192.in-addr.arpa." nodefault'
|
|
- '"100.51.198.in-addr.arpa." nodefault'
|
|
- '"113.0.203.in-addr.arpa." nodefault'
|
|
- '"255.255.255.255.in-addr.arpa." nodefault'
|
|
- '"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault'
|
|
- '"d.f.ip6.arpa." nodefault'
|
|
- '"8.e.f.ip6.arpa." nodefault'
|
|
- '"9.e.f.ip6.arpa." nodefault'
|
|
- '"a.e.f.ip6.arpa." nodefault'
|
|
- '"b.e.f.ip6.arpa." nodefault'
|
|
- '"8.b.d.0.1.0.0.2.ip6.arpa." nodefault'
|
|
|
|
remote-control:
|
|
control-enable: no
|
|
|