{ routerAddress, netid, revIpDomain, prefixLength, domain, }:

let pkgs = import <nixpkgs> { };
in {
  services.unbound = {
    enable = true;
    interfaces = [ "127.0.0.1" routerAddress ];
    allowedAccess = [ "127.0.0.0/24" "${netid}/${toString prefixLength}" ];
    extraConfig = ''
      # Custom configuration (leave this note to assure indentation!)
        do-not-query-localhost: no
        private-domain: "${domain}."
        domain-insecure: "${domain}."
        private-domain: "${revIpDomain}.in-addr.arpa."
        domain-insecure: "${revIpDomain}.in-addr.arpa."
        local-zone: "${revIpDomain}.in-addr.arpa" transparent

        forward-zone:
            name: "${domain}."
            forward-addr: 127.0.0.1@5553

        forward-zone:
            name: "${revIpDomain}.in-addr.arpa."
           forward-addr: 127.0.0.1@5553
    '';
  };
}