# {{ ansible_managed }}

# Listen only on the specified interface(s)
interface={{ dnsmasq_interface }}

# Tells dnsmasq to never forward A or AAAA queries for plain names
domain-needed

# Specifies DNS domains
domain={{ dnsmasq_domain }}
local=/{{ dnsmasq_domain }}/

# Add the domain to simple names
expand-hosts

# Disable negative caching
no-negcache

# Don't read /etc/resolv.conf
no-resolv

# Don't read the hostnames in /etc/hosts
no-hosts

# Specify upstream servers directly
{% for server in dnsmasq_servers %}
server={{ server }}
{% endfor %}

# Specify upstream servers directly (PTR)
{% for server in dnsmasq_rev_servers %}
rev-server={{ server }}
{% endfor %}

# Do not detect and block dns-rebind on queries to these domains
{% for domain in dnsmasq_rebind_domains %}
rebind-domain-ok=/{{ domain }}/
{% endfor %}

# Reject (and log) addresses from upstream nameservers which are in the private ranges
stop-dns-rebind

# Exempt 127.0.0.0/8 and ::1 from rebinding checks
rebind-localhost-ok

# Set the size of dnsmasq's cache
cache-size=4096

# Additional hosts file. Read the specified file as well as /etc/hosts
addn-hosts={{ dnsmasq_records_directory }}