# {{ ansible_managed }}

resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private: 1
round_robin_upstreams: 1
idle_timeout: 10000

listen_addresses:
{% for address in stubby_listen_addresses %}
  - {{ address }}
{% endfor %}

upstream_recursive_servers:
{% for server in stubby_upstream_recursive_servers %}
  - address_data: {{ server.address_data }}
{% if server.tls_port is defined %}
    tls_port: {{ server.tls_port }}
{% endif %}
    tls_auth_name: "{{ server.tls_auth_name }}"
{% if server.tls_pubkey_pinset is defined %}
    tls_pubkey_pinset:
{% for pubkey in server.tls_pubkey_pinset %}
      - digest: "{{ pubkey.digest }}"
        value: {{ pubkey.value }}
{% endfor %}
{% endif %}
{% endfor %}