forked from ISTI-ansible-roles/ansible-roles
Merge pull request 'unbound. More options, support the 'private-address' and 'private-domain' directives.' (#212) from adellam/ansible-roles:master into master
commit
e50b4a30f9
|
@ -32,6 +32,8 @@ unbound_num_queries_per_thread: 4096
|
|||
|
||||
unbound_max_negative_ttl: 3600
|
||||
|
||||
unbound_private_addresses: []
|
||||
unbound_private_domains: []
|
||||
# Stub zones
|
||||
# One of stub_host or stub_addr must be defined
|
||||
# stub_prime and stub_first are both optional, default 'yes'
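Review bot: `unbound_private_addresses` and `unbound_private_domains` default to empty lists and carry no comment, unlike the stub-zone variables just below them. A host that does not set them renders no `private-address` lines, so this change gives it no DNS-rebinding filtering. Since `private-domain` exempts a domain from that filter, an entry there widens what the resolver will accept, which is worth saying next to the variable. Suggested comments: `# CIDRs stripped from answers for public names (DNS rebinding protection); empty list = no filtering` above the first and `# Domains allowed to resolve to addresses listed in unbound_private_addresses` above the second.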
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the unbound resolver packages
|
||||
apt: pkg={{ unbound_pkgs }} state=latest cache_valid_time=1800 update_cache=yes
|
||||
apt: pkg={{ unbound_pkgs }} state=present cache_valid_time=1800 update_cache=yes
|
||||
|
||||
- name: Install the unbound config files
|
||||
template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }}
|
||||
|
@ -9,6 +9,7 @@
|
|||
- unbound-server.conf
|
||||
- unbound-remote-control.conf
|
||||
notify: Restart unbound
|
||||
tags: [ 'unbound', 'unbound_conf' ]
|
||||
|
||||
- name: On bionic, stop systemd-resolvd because it interferes
|
||||
service: name=systemd-resolved state=stopped enabled=no
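Review bot: With `state=present` on the apt task in the first hunk, the role stops upgrading unbound on later runs, so security fixes for the resolver now depend on patching done outside this role. The page has lost the +/- markers; `state=present` is taken as the new side only because it is printed second, which is an inference. If the change is intended, say so on the task, e.g. `# state=present on purpose: upgrades are left to the host's patch management`. The `block:` these tasks belong to continues past both hunks.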
|
||||
|
|
|
@ -40,11 +40,35 @@ server:
|
|||
# with libevent
|
||||
outgoing-range: {{ unbound_outgoing_range }}
|
||||
num-queries-per-thread: {{ unbound_num_queries_per_thread }}
|
||||
hide-identity: yes
|
||||
hide-version: yes
|
||||
harden-short-bufsize: yes
|
||||
harden-large-queries: yes
|
||||
harden-glue: yes
|
||||
harden-dnssec-stripped: yes
|
||||
harden-below-nxdomain: yes
|
||||
harden-algo-downgrade: yes
|
||||
qname-minimisation: yes
|
||||
use-caps-for-id: yes
|
||||
unwanted-reply-threshold: 10000
|
||||
do-not-query-localhost: no
|
||||
prefetch: yes
|
||||
rrset-roundrobin: yes
|
||||
minimal-responses: yes
|
||||
val-clean-additional: yes
|
||||
#
|
||||
{% if ansible_service_mgr == 'systemd' %}
|
||||
use-systemd: yes
|
||||
do-daemonize: no
|
||||
{% endif %}
|
||||
|
||||
{% for cidr in unbound_private_addresses %}
|
||||
private-address: {{ cidr }}
|
||||
{% endfor %}
|
||||
{% for dom in unbound_private_domains %}
|
||||
private-domain: {{ dom }}
|
||||
{% endfor %}
|
||||
|
||||
{% if unbound_stub_zones is defined %}
|
||||
{% for zone in unbound_stub_zones %}
|
||||
stub-zone:
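Review bot: The directives in this hunk are written with fixed values and no version guard, so a host whose Unbound predates `use-systemd`, `qname-minimisation` or `harden-algo-downgrade` gets a config the daemon rejects, and the `Restart unbound` handler would then leave it without a working resolver. The `ansible_service_mgr` test only checks the service manager, not the Unbound release. The +/- markers are lost on this page, so which of these lines are new is inferred from the 11/35 counts in the hunk header. Separately, `do-not-query-localhost: no` relaxes Unbound's default for every host; a role variable would limit that to hosts whose stub zones point at a local server, e.g. `do-not-query-localhost: {{ unbound_do_not_query_localhost | default('yes') }}` (variable name is a suggestion). The `server:` clause starts above the hunk and the stub-zone loop continues below it.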
|
||||
|
|