ansible/roles/unbound/templates/recursive.conf.j2

server:
    # Timestamps use UTC ASCII instead of UNIX epoch.
    log-time-ascii: yes

    do-ip4: yes
    # FIXME: IPv6 deployment... someday...
    do-ip6: no

    # IP addresses on which to listen.
    interface: 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }}
    interface: 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix }}
    interface: 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix }}

 
    # By default, anything other than localhost is refused.
    # Whitelist some subnets:
    access-control: 10.{{ subnet_ids.ap }}.0.0/16 allow
    access-control: 10.{{ subnet_ids.users_wired }}.0.0/16 allow
    access-control: 10.{{ subnet_ids.users_wifi }}.0.0/16 allow

    num-threads: {{ ansible_processor_vcpus }}

    private-address: 10.0.0.0/8
unbound: initial deployment 2020-04-13 16:35:09 +02:00			`server:`
unbound: remove unchecked configuration keys 2020-04-13 18:24:45 +02:00			`# Timestamps use UTC ASCII instead of UNIX epoch.`
unbound: initial deployment 2020-04-13 16:35:09 +02:00			`log-time-ascii: yes`
unbound: remove unchecked configuration keys 2020-04-13 18:24:45 +02:00
			`do-ip4: yes`
			`# FIXME: IPv6 deployment... someday...`
			`do-ip6: no`

unbound: initial deployment 2020-04-13 16:35:09 +02:00			`# IP addresses on which to listen.`
			`interface: 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }}`
			`interface: 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix }}`
			`interface: 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix }}`


			`# By default, anything other than localhost is refused.`
			`# Whitelist some subnets:`
			`access-control: 10.{{ subnet_ids.ap }}.0.0/16 allow`
			`access-control: 10.{{ subnet_ids.users_wired }}.0.0/16 allow`
			`access-control: 10.{{ subnet_ids.users_wifi }}.0.0/16 allow`

			`num-threads: {{ ansible_processor_vcpus }}`

			`private-address: 10.0.0.0/8`