Install unbound on metal hosts.

(A validating, recursive, caching DNS resolver.)
author: Guilhem Moulin <guilhem@fripost.org> 2018-12-03 03:45:59 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2018-12-03 03:46:28 +0100
commit: 07c1734d2c00ce0a52830533b19a02faed678364 (patch)
tree: 917dca1d878e96c1ef28fced837a9059ed7dd765 /roles/common/templates/etc
parent: 5ad9fc5e963b9a461f60799d7f185a9e2e13522f (diff)
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/common/templates/etc/unbound/unbound.conf.j2 b/roles/common/templates/etc/unbound/unbound.conf.j2
new file mode 100644
index 0000000..64f32bf
--- /dev/null
+++ b/roles/common/templates/etc/unbound/unbound.conf.j2
@@ -0,0 +1,32 @@
+# Unbound configuration file for Debian.
+#
+# See the unbound.conf(5) man page.
+#
+# See /usr/share/doc/unbound/examples/unbound.conf for a commented
+# reference config file.
+
+remote-control:
+    control-enable: no
+
+server:
+    interface: 127.0.0.1
+    root-hints: "/usr/share/dns/root.hints"
+    hide-identity: yes
+    hide-version: yes
+    prefetch: yes
+    qname-minimisation: yes
+    rrset-roundrobin: yes
+    use-caps-for-id: yes
+
+    # RFC 1918
+    private-address: 10.0.0.0/8
+    private-address: 172.16.0.0/12
+    private-address: 192.168.0.0/16
+    private-address: 169.254.0.0/16
+    private-address: fd00::/8
+    private-address: fe80::/10
+
+#
+# The following line includes additional configuration files from the
+# /etc/unbound/unbound.conf.d directory.
+include: "/etc/unbound/unbound.conf.d/*.conf"
author	Guilhem Moulin <guilhem@fripost.org>	2018-12-03 03:45:59 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2018-12-03 03:46:28 +0100
commit	07c1734d2c00ce0a52830533b19a02faed678364 (patch)
tree	917dca1d878e96c1ef28fced837a9059ed7dd765 /roles/common/templates/etc
parent	5ad9fc5e963b9a461f60799d7f185a9e2e13522f (diff)