2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
3 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
# Listener and ACL section. The ERB guard on the next line is true only when
# @is_recursor is set and @client_ranges is non-empty; where its matching
# `end` falls is not visible in this listing.
9 <% if (@is_recursor and (not @client_ranges.empty?)) -%>
13 interface-automatic: yes
# interface-automatic makes unbound listen on all interfaces, so the
# access-control entries below are what restricts who may query this server
# (apart from any host firewall, which this template does not show).
# Default-deny ACL: refuse every IPv4 and IPv6 source, then allow loopback,
# including the IPv4-mapped IPv6 form of 127.0.0.1. unbound applies the most
# specific matching netblock, so the order of entries does not matter.
# `refuse` answers with rcode REFUSED instead of silently dropping the query.
15 access-control: 0.0.0.0/0 refuse
16 access-control: ::0/0 refuse
17 access-control: 127.0.0.0/8 allow
# NOTE(review): the next entry repeats the ::0/0 refuse above; it is redundant.
18 access-control: ::0/0 refuse
19 access-control: ::1 allow
20 access-control: ::ffff:127.0.0.1 allow
# One `allow` entry is emitted per element of @client_ranges (flattened).
# The template writes each value verbatim and does no validation, so the
# ranges must be checked where they are defined: an over-broad netblock here
# would open this recursor to clients it was never meant to serve.
21 <% @client_ranges.to_a.flatten.each do |net| -%>
22 access-control: <%= net -%> allow
31 # Do not query the following addresses. No DNS queries are sent there.
32 # List one address per entry. List classless netblocks with /size,
33 # do-not-query-address: 127.0.0.1/8
34 # do-not-query-address: ::1
36 # if yes, the above default do-not-query-address entries are present.
37 # if no, localhost can be queried (for testing and debugging).
38 # do-not-query-localhost: yes
40 # File with trusted keys, kept up to date using RFC5011 probes,
41 # initial file like trust-anchor-file, then it stores metadata.
42 # Use several entries, one per domain name, to track multiple zones.
43 # auto-trust-anchor-file: ""
# DNSSEC trust anchors tracked via RFC 5011: one file each for the root zone,
# debian.org and the 29.172.in-addr.arpa reverse zone. unbound rewrites these
# files when keys roll, so the daemon's user needs write access to them.
# NOTE(review): how the initial key files are provisioned is not visible in
# this template; confirm they are seeded over a trusted channel, since
# validation is only as trustworthy as the first anchor.
44 auto-trust-anchor-file: "/var/lib/unbound/root.key"
45 auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
46 auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
# The next line renders into the generated config as a comment ("y" or "n")
# recording whether this host was configured as a recursor.
48 # recursive: <%= @is_recursor ? "y" : "n" %>
# Non-recursor hosts: one forward-addr line is emitted per entry of @ns
# (flattened). The clause header these lines belong to and the closing `end`
# tags are not visible in this listing.
# Values are written verbatim; presumably IP addresses of the upstream
# resolvers, to be verified where @ns is defined. Every answer this host
# serves then depends on those forwarders.
49 <% if not @is_recursor -%>
52 <% @ns.to_a.flatten.each do |nms| -%>
53 forward-addr: <%= nms %>
55 # XXX: we probably ought to forward 172.29 reverse queries to our own
56 # nameservers if the forwarders in use are not ours.
# `nodefault` turns off unbound's built-in local answer for this RFC 1918
# reverse zone, so queries for it are resolved via the servers listed below
# instead of being answered locally.
58 local-zone: "29.172.in-addr.arpa" nodefault
# Zone clause for the private reverse zone; its header line is not visible in
# this listing. forward-host takes hostnames, so unbound has to resolve these
# names itself before it can send queries for the zone to them.
# NOTE(review): ns4 is under debian.com while ns1-ns3 are under debian.org;
# confirm this is intended.
60 name: "29.172.in-addr.arpa"
61 forward-host: ns1.debian.org
62 forward-host: ns2.debian.org
63 forward-host: ns3.debian.org
64 forward-host: ns4.debian.com