diff --git a/group_vars/all b/group_vars/all
index d0032a6..c2048b8 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -155,6 +155,7 @@ unbound:
         - lan
         - mesh
         - private
+    allow_lan_dns: True
 
 bluetooth:
     disable: False
diff --git a/roles/openresolv/templates/resolvconf.conf.j2 b/roles/openresolv/templates/resolvconf.conf.j2
index 30b7e45..6226015 100644
--- a/roles/openresolv/templates/resolvconf.conf.j2
+++ b/roles/openresolv/templates/resolvconf.conf.j2
@@ -2,4 +2,11 @@
 # See resolvconf.conf(5) for details
 
 resolv_conf=/etc/resolv.conf
-{% if unbound %}name_servers=127.0.0.1{% endif %}
+
+{% if unbound %}
+name_servers=127.0.0.1
+{% if unbound.allow_lan_dns %}
+unbound_conf=/etc/unbound/resolvconf.conf
+private_interfaces="*"
+{% endif %}
+{% endif %}
diff --git a/roles/unbound/templates/unbound.conf.j2 b/roles/unbound/templates/unbound.conf.j2
index a815181..4fabbd1 100644
--- a/roles/unbound/templates/unbound.conf.j2
+++ b/roles/unbound/templates/unbound.conf.j2
@@ -1,3 +1,6 @@
+{% if unbound.allow_lan_dns %}include: "/etc/unbound/resolvconf.conf"
+{% endif %}
+
 server:
   interface: 127.0.0.1
   use-syslog: yes