ansible/roles/unbound/templates/recursive.conf.j2
2020-04-18 15:42:31 +02:00

30 lines
864 B
Django/Jinja

# {{ ansible_managed }}
server:
# Timestamps use UTC ASCII instead of UNIX epoch.
log-time-ascii: yes
logfile: /var/log/unbound.log
# Only log errors.
verbosity: 0
do-ip4: yes
# FIXME: IPv6 deployment... someday...
do-ip6: no
# IP addresses on which to listen.
interface: 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }}
interface: 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix }}
interface: 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix }}
# By default, anything other than localhost is refused.
# Whitelist some subnets:
access-control: 10.{{ subnet_ids.ap }}.0.0/16 allow
access-control: 10.{{ subnet_ids.users_wired }}.0.0/16 allow
access-control: 10.{{ subnet_ids.users_wifi }}.0.0/16 allow
num-threads: {{ ansible_processor_vcpus }}
private-address: 10.0.0.0/8