{ internalRouterIP, networkIdIP, revIpDomain, internalPrefixLength? 24, localDomain, }:

let pkgs = import <nixpkgs> { };
in {
  services.unbound = {
    enable = true;
    interfaces = [ "127.0.0.1" internalRouterIP ];
    allowedAccess = [ "127.0.0.0/24" "${networkIdIP}/${toString internalPrefixLength}" ];
    extraConfig = ''
      # Custom configuration (leave this note to assure indentation!)
        do-not-query-localhost: no
        private-domain: "${localDomain}."
        domain-insecure: "${localDomain}."
        private-domain: "${revIpDomain}.in-addr.arpa."
        domain-insecure: "${revIpDomain}.in-addr.arpa."
        local-zone: "${revIpDomain}.in-addr.arpa" transparent

        forward-zone:
            name: "${localDomain}."
            forward-addr: 127.0.0.1@5553

        forward-zone:
            name: "${revIpDomain}.in-addr.arpa."
           forward-addr: 127.0.0.1@5553
    '';
  };
}