{{ ansible_managed | comment }} server: # Give IPv4 of IPv6 addresses or classless subnets. These are addresses on your private network, # and are not allowed to be returned for public internet names. Any occurrence of such addresses # are removed from DNS answers. Additionally, the DNSSEC validator may mark the answers bogus. # This protects against so-called DNS Rebinding. # Legacy IP {% if unbound__protect_rebind_localhost | bool %} # localhost private-address: 127.0.0.0/8 {% endif %} {% if unbound__protect_rebind_rfc1918 | bool %} # private IPv4 address spaces (rfc 1918) private-address: 10.0.0.0/8 private-address: 172.16.0.0/12 private-address: 192.168.0.0/16 {% endif %} {% if unbound__protect_rebind_carrier_grade_nat | bool %} # carrier-grade NAT (rfc 6598) private-address: 100.64.0.0/10 {% endif %} {% if unbound__protect_rebind_v4_link_local | bool %} # link-local addresses private-address: 169.254.0.0/16 {% endif %} # IPv6 {% if unbound__protect_rebind_localhost | bool %} # localhost private-address: ::/128 {% endif %} {% if unbound__protect_rebind_unique_local | bool %} # unique local addresses (rfc 4193) private-address: fd00::/8 {% endif %} {% if unbound__protect_rebind_v6_link_local | bool %} # link-local addresses (rfc 4862, 4291) private-address: fe80::/10 {% endif %} {% if unbound__protect_rebind_rfc4291 | bool %} # IPv4-mapped addresses (rfc 4291) private-address: ::ffff:0:0/96 {% endif %}