From 7066bee4ca203f8ff67ebb6c17121c08ec1d3987 Mon Sep 17 00:00:00 2001
From: "Philip (a-0)" <@ph:a-0.me>
Date: Wed, 13 Sep 2023 10:45:36 +0200
Subject: [PATCH] fixes in unbound

---
 tasks/main.yml            | 15 +++++++++++++++
 templates/unbound.conf.j2 | 30 ++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 templates/unbound.conf.j2

diff --git a/tasks/main.yml b/tasks/main.yml
index cb4ba88..08d1c2a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -20,6 +20,21 @@
   vars:
     __os_supported: "{{ lookup('vars', '{}_os_supported'.format(role_name)) | bool }}"
 
+- name: Install unbound DNS resolver
+  apt:
+    name: unbound
+    state: latest
+
+- name: Set unbound config file
+  template:
+    src: unbound.conf.j2
+    dest: /etc/unbound/unbound.conf.d/default.conf
+
+- name: Restart unbound
+  service:
+    name: unbound
+    state: restarted
+
 - name: Check whether pi-hole is installed
   stat:
     path: "{{ pihole_config_dir }}"
diff --git a/templates/unbound.conf.j2 b/templates/unbound.conf.j2
new file mode 100644
index 0000000..24bfb50
--- /dev/null
+++ b/templates/unbound.conf.j2
@@ -0,0 +1,30 @@
+server:
+  interface: {{ query('community.general.dig', inventory_hostname, 'qtype=A') | first }}
+  port: 5335
+  access-control: 192.168.0.0/16 allow_snoop
+  verbosity: 2
+
+  use-syslog: no
+  logfile: "/var/log/unbound/unbound.log"
+  log-time-ascii: yes
+  statistics-cumulative: yes
+
+# Optimization
+  num-threads: 12
+  msg-cache-slabs: 8
+  rrset-cache-slabs: 8
+  infra-cache-slabs: 8
+  key-cache-slabs: 8
+
+  rrset-cache-size: 250m
+  msg-cache-size: 125m
+
+  so-reuseport: yes
+
+  minimal-responses: yes
+
+  prefetch: yes
+  prefetch-key: yes
+
+  serve-expired: yes
+  cache-max-ttl: 3600
\ No newline at end of file