Diffstat (limited to 'roles/common/tasks')
| -rw-r--r-- | roles/common/tasks/main.yml | 5 | ||||
| -rw-r--r-- | roles/common/tasks/unbound.yml | 32 | 
2 files changed, 37 insertions, 0 deletions
|
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7795da8..33a2c39 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -18,6 +18,11 @@
   when: "'webmail' in group_names and 'LDAP-provider' not in group_names"
 - import_tasks: auditd.yml
   tags: auditd
+- import_tasks: unbound.yml
+  tags:
+    - unbound
+    - dns
+  when: "ansible_processor[1] is search('^(Genuine)?Intel.*') and not ansible_virtualization_role == 'guest'"
 - import_tasks: rkhunter.yml
   tags: rkhunter
 - import_tasks: clamav.yml
diff --git a/roles/common/tasks/unbound.yml b/roles/common/tasks/unbound.yml
new file mode 100644
index 0000000..b4554ac
--- /dev/null
+++ b/roles/common/tasks/unbound.yml
@@ -0,0 +1,32 @@
+- name: Install unbound
+  apt: pkg={{ packages }}
+  vars:
+    packages:
+    - unbound
+    - dns-root-data
+
+- name: Copy unbound configuration
+  template: src=templates/etc/unbound/unbound.conf.j2
+            dest=/etc/unbound/unbound.conf
+            owner=root group=root
+            mode=0644
+  register: r
+  notify:
+    - Restart unbound
+
+- name: Start unbound
+  service: name=unbound state=started
+  when: not r.changed
+
+#- meta: flush_handlers
+
+- name: Use the local DNS server
+  lineinfile: dest=/etc/resolv.conf create=yes
+              regexp='^nameserver\s+127\.0\.0\.1\s*$'
+              line='nameserver 127.0.0.1'
+              insertbefore='^\s*#*?nameserver\s'
+              firstmatch=yes
+  tags:
+    - resolver
+  notify:
+    - Restart Postfix
|
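Review bot: The `when:` on the new `unbound.yml` import reads the CPU vendor from a fixed position, `ansible_processor[1]`, so on a host whose processor fact list is shorter or laid out differently the condition tests the wrong element or fails to evaluate. A position-independent form, something like `when: "ansible_processor | select('search', '^(Genuine)?Intel') | list | length > 0 and ansible_virtualization_role != 'guest'"`, would avoid that. The hunk also gives no reason why the local resolver is limited to physical Intel machines; a comment above the import such as `# unbound only on bare-metal Intel hosts: <reason>` would make clear which hosts keep their existing resolver on purpose. The task list continues outside this hunk.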
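Review bot: "Use the local DNS server" points `/etc/resolv.conf` at 127.0.0.1 before the new `unbound.conf` has been shown to load. The template task has no `validate=`, "Start unbound" is skipped whenever the template changed, and with `#- meta: flush_handlers` commented out the "Restart unbound" handler does not fire until handlers are flushed later. Adding `validate='unbound-checkconf %s'` to the template arguments (path to the binary to be confirmed for the target distribution) and re-enabling `- meta: flush_handlers` before the `lineinfile` task would keep a broken config from ever being installed or becoming the first resolver. Separately, the `lineinfile` only inserts the loopback entry ahead of the existing `nameserver` lines and leaves them in place as fallbacks. If the local resolver is meant to enforce DNSSEC validation (the `dns-root-data` package suggests so, but the config template is not shown), the stub resolver may still take answers from those other servers when unbound fails or times out, so it is worth deciding and documenting whether they should remain.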
