summaryrefslogtreecommitdiffstats
path: root/roles/common/templates/etc
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2018-12-03 03:45:59 +0100
committerGuilhem Moulin <guilhem@fripost.org>2018-12-03 03:46:28 +0100
commit07c1734d2c00ce0a52830533b19a02faed678364 (patch)
tree917dca1d878e96c1ef28fced837a9059ed7dd765 /roles/common/templates/etc
parent5ad9fc5e963b9a461f60799d7f185a9e2e13522f (diff)
Install unbound on metal hosts.
(A validating, recursive, caching DNS resolver.)
Diffstat (limited to 'roles/common/templates/etc')
-rw-r--r--roles/common/templates/etc/unbound/unbound.conf.j232
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/common/templates/etc/unbound/unbound.conf.j2 b/roles/common/templates/etc/unbound/unbound.conf.j2
new file mode 100644
index 0000000..64f32bf
--- /dev/null
+++ b/roles/common/templates/etc/unbound/unbound.conf.j2
@@ -0,0 +1,32 @@
+# Unbound configuration file for Debian.
+#
+# See the unbound.conf(5) man page.
+#
+# See /usr/share/doc/unbound/examples/unbound.conf for a commented
+# reference config file.
+
+remote-control:
+ control-enable: no
+
+server:
+ interface: 127.0.0.1
+ root-hints: "/usr/share/dns/root.hints"
+ hide-identity: yes
+ hide-version: yes
+ prefetch: yes
+ qname-minimisation: yes
+ rrset-roundrobin: yes
+ use-caps-for-id: yes
+
+ # RFC 1918
+ private-address: 10.0.0.0/8
+ private-address: 172.16.0.0/12
+ private-address: 192.168.0.0/16
+ private-address: 169.254.0.0/16
+ private-address: fd00::/8
+ private-address: fe80::/10
+
+#
+# The following line includes additional configuration files from the
+# /etc/unbound/unbound.conf.d directory.
+include: "/etc/unbound/unbound.conf.d/*.conf"