server:
{% for interface in unbound_interfaces %}
	interface: {{ interface }}
{% endfor %}
{% if keepalived_install is defined and keepalived_install %}
        ip-transparent: yes
{% endif %}
        interface-automatic: yes
{% for net in unbound_allowed_clients %}
        access-control: {{ net.cidr }} {{ net.policy }}
{% endfor %}
        verbosity: {{ unbound_verbosity }}
        # use all CPUs
        num-threads: {{ unbound_threads }}
        prefetch: {{ unbound_prefetch }}
	
        # power of 2 close to num-threads  
        msg-cache-slabs: {{ unbound_threads }}
        rrset-cache-slabs: {{ unbound_threads }}
        infra-cache-slabs: {{ unbound_threads }}
        key-cache-slabs: {{ unbound_threads }}

        # more cache memory, rrset=msg*2
        rrset-cache-size: {{ unbound_rrset_cache_size }}
        msg-cache-size: {{ unbound_rrset_msg_cache_size }}

        # more outgoing connections
        # depends on number of cores: 1024/cores - 50 
        outgoing-range: {{ 1024 // unbound_threads - 50 }}

        # Larger socket buffer.  OS may need config.
        so-rcvbuf: {{ unbound_so_rcvbuf }}
        so-sndbuf: {{ unbound_so_sndbuf }}

        # Negative TTL
        cache-max-negative-ttl: {{ unbound_max_negative_ttl }}

        # Faster UDP with multithreading (only on Linux).
	so-reuseport: {{ unbound_so_reuseport }}
        # with libevent
        outgoing-range: {{ unbound_outgoing_range }}
        num-queries-per-thread:  {{ unbound_num_queries_per_thread }}
{% if ansible_service_mgr == 'systemd' %}
        use-systemd: yes
        do-daemonize: no
{% endif %}

{% if unbound_stub_zones is defined %}
{% for zone in unbound_stub_zones %}
stub-zone:
        name: {{ zone.name }}
{% if zone.stub_host is defined %}
        stub-host: {{ zone.stub_host }}
{% endif %}
{% if zone.stub_addr is defined %}
        stub-addr: {{ zone.stub_addr }}
{% endif %}
        stub-prime: {{ zone.stub_prime | default('no') }}
        stub-first: {{ zone.stub_first | default('yes') }}

{% endfor %}
{% endif %}