2019-07-20 02:08:55 +02:00
|
|
|
---
|
2021-01-06 11:17:58 +01:00
|
|
|
# simple version check for this role? (true is recomended)
|
|
|
|
|
submodules_versioncheck: false
|
2019-07-20 02:08:55 +02:00
|
|
|
|
|
|
|
|
unbound_listen_addresses:
|
|
|
|
|
- '127.0.0.1@53'
|
|
|
|
|
- '::1@53'
|
2021-01-19 01:03:47 +01:00
|
|
|
|
2021-07-16 19:53:55 +02:00
|
|
|
unbound_access_control:
|
|
|
|
|
- 'access-control: 127.0.0.1 allow'
|
|
|
|
|
- 'access-control: ::1 allow'
|
|
|
|
|
|
2021-01-19 01:03:47 +01:00
|
|
|
unbound__state: 'present'
|
2022-11-17 23:46:33 +01:00
|
|
|
|
|
|
|
|
# snippets for dns rebinding protection
|
|
|
|
|
unbount__dns_rebind_protection: true
|
|
|
|
|
unbound__protect_rebind_localhost: true
|
|
|
|
|
unbound__protect_rebind_rfc1918: true
|
|
|
|
|
unbound__protect_rebind_carrier_grade_nat: true
|
|
|
|
|
unbound__protect_rebind_v4_link_local: true
|
|
|
|
|
unbound__protect_rebind_unique_local: true
|
|
|
|
|
unbound__protect_rebind_v6_link_local: true
|
|
|
|
|
unbound__protect_rebind_rfc4291: true
|
|
|
|
|
|
|
|
|
|
# dns qname privacy
|
|
|
|
|
unbount__dns_qname_minimisation: true
|
|
|
|
|
|
|
|
|
|
# anchor file
|
|
|
|
|
unbound__auto_trust_anchor: true
|
|
|
|
|
unbound__auto_trust_anchor_file: "/var/lib/unbound/root.key"
|
