ansible-dns/templates/unbound.conf.j2

include: "/etc/unbound/redxen-dns.conf"
include: "/etc/unbound/internal.conf"
server:
	directory: "/etc/unbound"
	access-control: 0.0.0.0/0 refuse_non_local
	# Local Host
	access-control: 127.0.0.0/24 allow
	# Wireguard Range
	access-control: 172.22.12.0/24 allow
	# log-replies: yes
	interface: 0.0.0.0
	interface: ::0
	extended-statistics: yes
	root-hints: /usr/share/dns/root.hints
	rrset-roundrobin: yes
	trust-anchor-file: /usr/share/dns/root.key
	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
	port: 53
	ratelimit: 20
	prefetch: yes
	prefetch-key: yes
	do-daemonize: no
	logfile: ""
	cache-min-ttl: 60
	harden-glue: yes
	aggressive-nsec: yes
	serve-expired: yes
	serve-expired-ttl: 86400
	serve-expired-ttl-reset: yes
remote-control:
	control-enable: yes
	control-use-cert: no
	control-interface: 127.0.0.1
forward-zone:
	name: "."
	forward-tls-upstream: yes
#	forward-addr: 2a04:c44:e00:32e0:42a:30ff:fe00:e7d@853#a.cyberiadot.invalid
#	forward-addr: 194.182.165.153@853#a.cyberiadot.invalid
#	forward-addr: 2a01:4f8:1c17:4d9b::853@853#b.cyberiadot.invalid
#	forward-addr: 78.47.220.84@853#b.cyberiadot.invalid
	forward-addr: 2620:fe::fe@853#dns.quad9.net
	forward-addr: 9.9.9.9@853#dns.quad9.net
	forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
	forward-addr: 1.1.1.1@853#cloudflare-dns.com