Ansible role for building DNS servers using Unbound
Latest commit: b7d0ec8dca by Simon Cornet, 2026-05-20 17:51:40 +02:00 (style: remove empty whitespace lines from jinja2 templates)

Ansible Role: Unbound

Install and configure Unbound DNS server.

Variables

Variable              Required  Default                 Description
unbound_upstream_dns  No        ["8.8.8.8", "1.1.1.1"]  Upstream DNS servers
unbound_allow_access  Yes       []                      Networks allowed to query DNS
unbound_zones         Yes       []                      DNS zones to configure

Example

unbound_upstream_dns:
  - "1.1.1.1"
  - "8.8.8.8"

unbound_allow_access:
  - name: "internal-lan"
    network: "10.0.0.0/8"
  - name: "dmz"
    network: "192.168.1.0/24"

unbound_zones:
  - zone: "internal.example.com"
    type: "static"
    records:

      # A records (default type)
      - name: "server1.internal.example.com"
        value: "10.0.1.10"

      # AAAA record
      - name: "server2.internal.example.com"
        type: "AAAA"
        value: "2001:db8::1"

      # CNAME record
      - name: "internal.example.com"
        type: "CNAME"
        value: "server1.internal.example.com"

      # MX record
      - name: "internal.example.com"
        type: "MX"
        priority: 10
        value: "mail.internal.example.com"

      # TXT record
      - name: "internal.example.com"
        type: "TXT"
        value: "v=spf1 include:internal.example.com ~all"

      # SRV record
      - name: "_sip._tcp.internal.example.com"
        type: "SRV"
        priority: 10
        weight: 60
        port: 5060
        value: "server1.internal.example.com"

      # PTR record (manual reverse DNS)
      - name: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"
        type: "PTR"
        value: "server1.internal.example.com"

Supported Record Types

Type         Required Fields                            Description
A (default)  name, value                                IPv4 address record
AAAA         name, value, type                          IPv6 address record
CNAME        name, value, type                          Canonical name
MX           name, value, type, priority                Mail exchange
TXT          name, value, type                          Text record
SRV          name, value, type, priority, weight, port  Service locator
PTR          name, value, type                          Pointer record

Reverse DNS

Reverse DNS (PTR) records are automatically generated for IPv4 A records in the following networks:

  • 192.168.x.x/16
  • 10.8.x.x/16
  • 10.0.x.x/16

IPv6 reverse DNS is not auto-generated.
Use manual PTR records in a dedicated zone instead.
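
Because only IPv4 A records in the listed networks get automatic PTR records, every AAAA record and every A record outside those networks needs a manual PTR entry. The following check is an added example, not part of this role: it walks a constructed sample shaped like unbound_zones and returns the manual PTR entries that are still missing. It assumes the three listed networks mean 192.168.0.0/16, 10.8.0.0/16 and 10.0.0.0/16; missing_ptr_records, SAMPLE_ZONES and the db1/server3 hosts are hypothetical names.

```python
import ipaddress

# The README's auto-PTR list, read here as these /16 networks (assumption).
AUTO_PTR_NETWORKS = [ipaddress.ip_network(n)
                     for n in ("192.168.0.0/16", "10.8.0.0/16", "10.0.0.0/16")]

# Constructed sample in the shape of unbound_zones; db1 and server3 are made up.
SAMPLE_ZONES = [{
    "zone": "internal.example.com",
    "type": "static",
    "records": [
        {"name": "server1.internal.example.com", "value": "10.0.1.10"},
        {"name": "db1.internal.example.com", "value": "10.20.0.5"},
        {"name": "server2.internal.example.com", "type": "AAAA", "value": "2001:db8::1"},
        {"name": "server3.internal.example.com", "type": "AAAA", "value": "2001:db8::2"},
        {"name": "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa",
         "type": "PTR", "value": "server2.internal.example.com"},
    ],
}]


def missing_ptr_records(zones):
    """Return manual PTR entries for A/AAAA records that have no reverse record."""
    records = [r for z in zones for r in z.get("records", [])]
    have = {r["name"].rstrip(".").lower() for r in records if r.get("type") == "PTR"}
    needed = []
    for rec in records:
        rtype = rec.get("type", "A")  # A is the role's default record type
        if rtype not in ("A", "AAAA"):
            continue
        addr = ipaddress.ip_address(rec["value"])
        if addr.version != (4 if rtype == "A" else 6):
            raise ValueError(f"{rec['name']}: {rtype} record holds {rec['value']}")
        if rtype == "A" and any(addr in net for net in AUTO_PTR_NETWORKS):
            continue  # covered by the role's automatic PTR generation
        ptr = addr.reverse_pointer  # in-addr.arpa or nibble-reversed ip6.arpa name
        if ptr not in have:
            needed.append({"name": ptr, "type": "PTR", "value": rec["name"]})
    return needed


if __name__ == "__main__":
    for entry in missing_ptr_records(SAMPLE_ZONES):
        print(entry)
```

The returned entries use the same name/type/value fields as the PTR record in the example above, so they can be placed in the records list of a dedicated reverse zone.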