# Ansible Role: Unbound

Install and configure [Unbound](https://nlnetlabs.nl/projects/unbound/) DNS server.

## Variables

| Variable               | Required | Default                  | Description                   |
| ---------------------- | -------- | ------------------------ | ----------------------------- |
| `unbound_upstream_dns` | No       | `["8.8.8.8", "1.1.1.1"]` | Upstream DNS servers          |
| `unbound_allow_access` | Yes      | `[]`                     | Networks allowed to query DNS |
| `unbound_zones`        | Yes      | `[]`                     | DNS zones to configure        |

## Example

```yaml
unbound_upstream_dns:
  - "1.1.1.1"
  - "8.8.8.8"

unbound_allow_access:
  - name: "internal-lan"
    network: "10.0.0.0/8"
  - name: "dmz"
    network: "192.168.1.0/24"

unbound_zones:
  - zone: "internal.example.com"
    type: "static"
    records:
      # A records (default type)
      - name: "server1.internal.example.com"
        value: "10.0.1.10"
      # AAAA record
      - name: "server2.internal.example.com"
        type: "AAAA"
        value: "2001:db8::1"
      # CNAME record
      - name: "internal.example.com"
        type: "CNAME"
        value: "server1.internal.example.com"
      # MX record
      - name: "internal.example.com"
        type: "MX"
        priority: 10
        value: "mail.internal.example.com"
      # TXT record
      - name: "internal.example.com"
        type: "TXT"
        value: "v=spf1 include:internal.example.com ~all"
      # SRV record
      - name: "_sip._tcp.internal.example.com"
        type: "SRV"
        priority: 10
        weight: 60
        port: 5060
        value: "server1.internal.example.com"
      # PTR record (manual reverse DNS)
      - name: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"
        type: "PTR"
        value: "server1.internal.example.com"
```

## Supported Record Types

| Type          | Required Fields                                       | Description         |
| ------------- | ----------------------------------------------------- | ------------------- |
| `A` (default) | `name`, `value`                                       | IPv4 address record |
| `AAAA`        | `name`, `value`, `type`                               | IPv6 address record |
| `CNAME`       | `name`, `value`, `type`                               | Canonical name      |
| `MX`          | `name`, `value`, `type`, `priority`                   | Mail exchange       |
| `TXT`         | `name`, `value`, `type`                               | Text record         |
| `SRV`         | `name`, `value`, `type`, `priority`, `weight`, `port` | Service locator     |
| `PTR`         | `name`, `value`, `type`                               | Pointer record      |

## Reverse DNS

Reverse DNS (PTR) records are **automatically generated** for IPv4 A records in the following networks:

- `192.168.x.x/16`
- `10.8.x.x/16`
- `10.0.x.x/16`

**IPv6 reverse DNS is not auto-generated.** Use manual PTR records in a dedicated zone instead.
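
A pre-flight check for the record definitions above, as an added example that is not part of the role: it enforces the required fields from the Supported Record Types table and lists the manual PTR records still missing for AAAA entries. `check_zones` and `SAMPLE` are hypothetical names, and the sample data is constructed.

```python
import ipaddress

# Required fields per record type, taken from the "Supported Record Types" table.
REQUIRED = {
    "A": {"name", "value"},
    "AAAA": {"name", "value", "type"},
    "CNAME": {"name", "value", "type"},
    "MX": {"name", "value", "type", "priority"},
    "TXT": {"name", "value", "type"},
    "SRV": {"name", "value", "type", "priority", "weight", "port"},
    "PTR": {"name", "value", "type"},
}

def check_zones(zones):
    """Return (errors, missing_ptrs) for an unbound_zones list (hypothetical helper)."""
    errors, aaaa, ptr_names = [], [], set()
    for zone in zones:
        for rec in zone.get("records", []):
            rtype = rec.get("type", "A")  # A is the default type
            label = f"{zone.get('zone')}/{rec.get('name', '<unnamed>')}"
            if rtype not in REQUIRED:
                errors.append(f"{label}: unsupported type {rtype}")
                continue
            missing = sorted(REQUIRED[rtype] - set(rec))
            if missing:
                errors.append(f"{label}: {rtype} record missing {', '.join(missing)}")
                continue
            if rtype in ("A", "AAAA"):
                try:
                    addr = ipaddress.ip_address(rec["value"])
                except ValueError:
                    errors.append(f"{label}: {rec['value']} is not an IP address")
                    continue
                if addr.version != (4 if rtype == "A" else 6):
                    errors.append(f"{label}: {rtype} record holds an IPv{addr.version} address")
                elif rtype == "AAAA":
                    aaaa.append((addr.reverse_pointer, rec["name"]))
            elif rtype == "PTR":
                ptr_names.add(rec["name"].lower().rstrip("."))
    # IPv6 PTRs are not auto-generated, so list the manual records still to be added.
    missing_ptrs = [{"name": n, "type": "PTR", "value": host}
                    for n, host in aaaa if n not in ptr_names]
    return errors, missing_ptrs

# Constructed sample input, not taken from a real deployment.
SAMPLE = [{"zone": "internal.example.com", "type": "static", "records": [
    {"name": "server1.internal.example.com", "value": "10.0.1.10"},
    {"name": "server2.internal.example.com", "type": "AAAA", "value": "2001:db8::1"},
    {"name": "internal.example.com", "type": "MX", "value": "mail.internal.example.com"},
    {"name": "server3.internal.example.com", "value": "2001:db8::2"},
]}]
```

Running `check_zones(SAMPLE)` reports the MX record without `priority` and the IPv6 address entered without `type: "AAAA"`, and returns one PTR entry for `server2` that can be pasted into a dedicated reverse zone.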