From aa5de65d3054fbdd82cd12c2e0d55d02db2bfc3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20D=C3=A9siles?=
 <1536672+cdesiles@users.noreply.github.com>
Date: Sun, 18 Jan 2026 13:21:15 +0100
Subject: [PATCH] fix: unbound ipv6 localhost

---
 roles/unbound/templates/custom-vpn.conf.j2 | 2 ++
 roles/unbound/templates/unbound.conf.j2    | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/unbound/templates/custom-vpn.conf.j2 b/roles/unbound/templates/custom-vpn.conf.j2
index 23f1af0..bd62469 100644
--- a/roles/unbound/templates/custom-vpn.conf.j2
+++ b/roles/unbound/templates/custom-vpn.conf.j2
@@ -2,11 +2,13 @@
 view:
     name: "vpn"
     view-first: yes
+{% if unbound_custom_vpn_records is defined %}
 {% for host, ips in unbound_custom_vpn_records.items() %}
     local-data: "{{ host }}.        IN A {{ ips.v4 }}"
     {% if ips.v6 is defined %}
     local-data: "{{ host }}.        IN AAAA {{ ips.v6 }}"
     {% endif %}
 {% endfor %}
+{% endif %}
 
 include: "{{ unbound_ad_servers_config_path }}"
diff --git a/roles/unbound/templates/unbound.conf.j2 b/roles/unbound/templates/unbound.conf.j2
index c51e2c8..6086587 100644
--- a/roles/unbound/templates/unbound.conf.j2
+++ b/roles/unbound/templates/unbound.conf.j2
@@ -12,7 +12,8 @@ server:
     ip-freebind: yes
 
     # Define interface binds by IP address
-    interface: 127.0.0.1                      # lo
+    interface: 127.0.0.1                      # lo (IPv4)
+    interface: ::1                            # lo (IPv6)
     interface: {{ unbound_interface_lan }}    # lan0
     interface: {{ unbound_interface_vpn }}    # wg0
 
@@ -95,6 +96,7 @@ server:
 
     # Ensure kernel buffer is large enough to not lose messages in traffic spikes
     so-rcvbuf: 1m
+    so-sndbuf: 0
 
     # Ensure privacy of local IP ranges
     private-address: 192.168.0.0/16