server:
{% for interface in unbound_interfaces %}
	interface: {{ interface }}
{% endfor %}
{% if keepalived_install is defined and keepalived_install %}
        ip-transparent: yes
{% endif %}
        interface-automatic: yes
{% for net in unbound_allowed_clients %}
        access-control: {{ net.cidr }} {{ net.policy }}
{% endfor %}
        verbosity: {{ unbound_verbosity }}
        # use all CPUs
        num-threads: {{ unbound_threads }}
        prefetch: {{ unbound_prefetch }}
	
        # power of 2 close to num-threads  
        msg-cache-slabs: {{ unbound_threads }}
        rrset-cache-slabs: {{ unbound_threads }}
        infra-cache-slabs: {{ unbound_threads }}
        key-cache-slabs: {{ unbound_threads }}

        # more cache memory, rrset=msg*2
        rrset-cache-size: {{ unbound_rrset_cache_size }}
        msg-cache-size: {{ unbound_rrset_msg_cache_size }}

        # more outgoing connections
        # depends on number of cores: 1024/cores - 50 
        outgoing-range: {{ 1024 * unbound_threads - 50 }}

        # Larger socket buffer.  OS may need config.
        so-rcvbuf: {{ unbound_so_rcvbuf }}
        so-sndbuf: {{ unbound_so_sndbuf }}

        # Negative TTL
        cache-max-negative-ttl: {{ unbound_max_negative_ttl }}

        # Faster UDP with multithreading (only on Linux).
	so-reuseport: {{ unbound_so_reuseport }}
        # with libevent
        num-queries-per-thread: {{ unbound_num_queries_per_thread }}
        hide-identity: {{ unbound_hide_identity  }}
        hide-version: {{ unbound_hide_version  }}
        qname-minimisation: {{ unbound_qname_minimisation }}
        # The following is experimental
        use-caps-for-id: {{ unbound_use_caps_for_id }}
        unwanted-reply-threshold: {{ unbound_unwanted_reply_threshold }}
        do-not-query-localhost: {{ unbound_do_not_query_localhost }}
        rrset-roundrobin: {{ unbound_rrset_roundrobin }}
        val-clean-additional: {{ unbound_val_clean_additional }}
        unblock-lan-zones: {{ unbound_unblock_lan_zones }}
        do-ip6: {{ unbound_do_ipv6 }}
        #
{% if ansible_service_mgr == 'systemd' %}
        use-systemd: yes
        do-daemonize: no
{% endif %}

{% for cidr in unbound_private_addresses %}
        private-address: {{ cidr }}
{% endfor %}
{% for dom in unbound_private_domains %}
        private-domain: {{ dom }}
{% endfor %}

{% if unbound_stub_zones is defined %}
{% for zone in unbound_stub_zones %}
stub-zone:
        name: {{ zone.name }}
{% if zone.stub_host is defined %}
        stub-host: {{ zone.stub_host }}
{% endif %}
{% if zone.stub_addr is defined %}
        stub-addr: {{ zone.stub_addr }}
{% endif %}
        stub-prime: {{ zone.stub_prime | default('no') }}
        stub-first: {{ zone.stub_first | default('yes') }}

{% endfor %}
{% endif %}