{"id":21129594,"url":"https://github.com/pimvh/unbound","last_synced_at":"2026-05-17T20:33:34.056Z","repository":{"id":151279275,"uuid":"570135707","full_name":"pimvh/unbound","owner":"pimvh","description":"Ansible role to configure Unbound","archived":false,"fork":false,"pushed_at":"2024-05-20T18:51:36.000Z","size":84,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-01T22:46:22.624Z","etag":null,"topics":["ansible","dnssec","molecule-tested","resolver","role","unbound"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pimvh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-24T12:19:24.000Z","updated_at":"2024-05-20T18:51:39.000Z","dependencies_parsed_at":"2024-05-20T20:29:31.425Z","dependency_job_id":null,"html_url":"https://github.com/pimvh/unbound","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pimvh/unbound","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimvh%2Funbound","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimvh%2Funbound/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimvh%2Funbound/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimvh%2Funbound/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pimvh","download_url":"https://codeload.github.com/pimvh/unbound/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pimvh%2Funbound/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33153809,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-17T09:28:26.183Z","status":"ssl_error","status_checked_at":"2026-05-17T09:27:52.702Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","dnssec","molecule-tested","resolver","role","unbound"],"created_at":"2024-11-20T05:25:55.874Z","updated_at":"2026-05-17T20:33:34.008Z","avatar_url":"https://github.com/pimvh.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Molecule test](https://github.com/pimvh/unbound/actions/workflows/test.yaml/badge.svg)\n\n# Requirements\n\n1. Ansible installed:\n\n```\nsudo apt install python3\npython3 -m ensurepip --upgrade\npip3 install ansible\n```\n\n## Required variables\n\nReview the variables as shown in defaults. Most have sensible defaults, you probably want to override some.\n\nYou probably want to pass interfaces, and additional access controls\n\n```\n\n---\nunbound_interfaces:\n  - \"127.0.0.1\"\n  - \"::1\"\n  - \u003c\u003c another IP here \u003e\u003e\n  - \u003c\u003c another IP here \u003e\u003e\n\nunbound_dns_port: \"53\"\nunbound_do_ipv4: \"yes\"\nunbound_do_ipv6: \"yes\"\nunbound_forward_tls_upstream: \"no\"\nunbound_prefer_ipv6: \"yes\"\nunbound_do_udp: \"yes\"\nunbound_do_tcp: \"yes\"\nunbound_verbosity: \"0\"\nunbound_log_queries: \"no\"\nunbound_log_replies: \"no\"\nunbound_log_tag_queryreply: \"no\"\nunbound_log_local_actions: \"no\"\nunbound_log_servfail: \"no\"\nunbound_private_domains:\n  - \"home.lan\"\n\n# Only give access to recursion clients from LAN IPs\nunbound_additional_access_controls:\n  - cidr_range: 10.0.0.0/8\n    action: allow\n  - cidr_range: 127.0.0.0/8\n    action: allow\n  - cidr_range: 127.0.0.1/32\n    action: allow\n  - cidr_range: 172.16.0.0/12\n    action: allow\n  - cidr_range: 192.168.0.0/16\n    action: allow\n  - cidr_range: fc00::/7\n    action: allow\n  - cidr_range: ::1/128\n    action: allow\n  - cidr_range: \u003c\u003c allow another range \u003e\u003e\n    action: allow\n\nunbound_local_zones: []\n\n# or with values;\n# unbound_local_zones:\n#   - name: mydomain.lan\n#     type: nodefault\n#   - name: .10.in-addr.arpa.\n#     type: nodefault'\n\nunbound_stub_zones: []\n# or with values:\n# unbound_stub_zones:\n#   - name: \"mydomain.lan\"\n#     secure: false\n#     addr: \"\u003c\u003c ip addr \u003e\u003e@53\"\n\nunbound_forward_zones: {}\n\n\n# or with values:\n# unbound_forward_zones:\n# dot configure everything else\n#   - name: \"\u003c\u003c zone name to forward \u003e\u003e\"\n#     forward_addrs: []\n#     forward_hosts:\n#       - # host to forward to\n#   - name: \".\"  # or forward everthing like t\n#     either can be empty\n#     forward_addrs:\n#       - # to these addresses\n#     forward_hosts:\n#       - # or hosts\n```\n\nThe Ansible playbook will validate whether the variables exist that you defined before running.\n\n# Example playbook\n\n```\nhosts:\n  - foo\nroles:\n  - pimvh.unbound\n\n```\n\n# TLDR - What will happen if I run this\n\n- validate whether rules/some other variables are defined.\n- create service that monthly pulls in the root hints.\n- install unbound, when unbound_install.\n- push config.\n- point systemd-resolved of that system to unbound first.\n- verify whether Unbound resolved a domain.\n\n# Sources\n\n- [Archlinux wiki on fetching root hints](https://wiki.archlinux.org/title/Unbound)\n- [calomel.org for unbound configuration template](https://calomel.org)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpimvh%2Funbound","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpimvh%2Funbound","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpimvh%2Funbound/lists"}