server:
verbosity: 1
-<% if @is_recursor && @client_ranges -%>
+<% if (@is_recursor and (not @client_ranges.empty?)) -%>
interface: 0.0.0.0
interface: ::0
# auto-trust-anchor-file: ""
auto-trust-anchor-file: "/var/lib/unbound/root.key"
auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+<% if not @firewall_blocks_dns %>
+ auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
+<% end -%>
+
+ prefetch: yes
+ prefetch-key: yes
+
+
+<% if not @firewall_blocks_dns %>
+local-zone: "29.172.in-addr.arpa" nodefault
+forward-zone:
+ name: "29.172.in-addr.arpa"
+ forward-host: geo1.debian.org
+ forward-host: geo2.debian.org
+ forward-host: geo3.debian.org
+<% end -%>
# recursive: <%= @is_recursor ? "y" : "n" %>
-<% if (not @is_recursor) and (not @ns.empty?) -%>
+<% if not @is_recursor -%>
forward-zone:
name: "."
<% @ns.to_a.flatten.each do |nms| -%>
forward-addr: <%= nms %>
<% end -%>
-<% end -%>
-<% if hostname == "zappa" -%>
-edns-buffer-size: 512
+ forward-first: yes
<% end -%>