30 lines
864 B
Django/Jinja
30 lines
864 B
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
server:
|
|
# Timestamps use UTC ASCII instead of UNIX epoch.
|
|
log-time-ascii: yes
|
|
|
|
logfile: /var/log/unbound.log
|
|
|
|
# Only log errors.
|
|
verbosity: 0
|
|
|
|
do-ip4: yes
|
|
# FIXME: IPv6 deployment... someday...
|
|
do-ip6: no
|
|
|
|
# IP addresses on which to listen.
|
|
interface: 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }}
|
|
interface: 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix }}
|
|
interface: 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix }}
|
|
|
|
|
|
# By default, anything other than localhost is refused.
|
|
# Whitelist some subnets:
|
|
access-control: 10.{{ subnet_ids.ap }}.0.0/16 allow
|
|
access-control: 10.{{ subnet_ids.users_wired }}.0.0/16 allow
|
|
access-control: 10.{{ subnet_ids.users_wifi }}.0.0/16 allow
|
|
|
|
num-threads: {{ ansible_processor_vcpus }}
|
|
|
|
private-address: 10.0.0.0/8
|