From 9b5acb19b33746249d548a7937c07ae3bd54f76f Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Fri, 8 Nov 2019 11:37:49 +0100
Subject: [PATCH] unbound: manage the use of stub zones.

---
 library/roles/unbound-resolver/defaults/main.yml |  6 ++++++
 .../templates/unbound-server.conf                | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/library/roles/unbound-resolver/defaults/main.yml b/library/roles/unbound-resolver/defaults/main.yml
index 20bb1a94..2ebb4d69 100644
--- a/library/roles/unbound-resolver/defaults/main.yml
+++ b/library/roles/unbound-resolver/defaults/main.yml
@@ -29,3 +29,9 @@ unbound_so_reuseport: 'yes'
 # with libevent
 unbound_outgoing_range: 8192
 unbound_num_queries_per_thread: 4096
+
+# Stub zones
+# One of stub_host or stub_addr must be defined
+# stub_prime and stub_first are both optional, default 'yes'
+#unbound_stub_zones:
+#  - { name: '', stub_addr: '', stub_host: '', stub_prime: '', stub_first: '' }
diff --git a/library/roles/unbound-resolver/templates/unbound-server.conf b/library/roles/unbound-resolver/templates/unbound-server.conf
index e955d899..7216d8e7 100644
--- a/library/roles/unbound-resolver/templates/unbound-server.conf
+++ b/library/roles/unbound-resolver/templates/unbound-server.conf
@@ -42,3 +42,19 @@ server:
         do-daemonize: no
 {% endif %}
 
+{% if unbound_stub_zones is defined %}
+{% for zone in unbound_stub_zones %}
+stub-zone:
+        name: {{ zone.name }}
+{% if zone.stub_host is defined %}
+        stub-host: {{ zone.stub_host }}
+{% endif %}
+{% if zone.stub_addr is defined %}
+        stub-addr: {{ zone.stub_addr }}
+{% endif %}
+        stub-prime: {{ zone.stub_prime | default('yes') }}
+        stub-first: {{ zone.stub_first | default('yes') }}
+
+{% endfor %}
+{% endif %}
+