diff --git a/unbound/defaults/main.yml b/unbound/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6af1741a472c419076e54e7ebc34d932c265e5a0
--- /dev/null
+++ b/unbound/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+unbound_auth_zones: []
diff --git a/unbound/tasks/main.yml b/unbound/tasks/main.yml
index ccdecfb1630b3a85e57a1bfff6a49c8474419c04..70cfeaf3ef6fde167bf3dbaca9a97f021fa92c09 100644
--- a/unbound/tasks/main.yml
+++ b/unbound/tasks/main.yml
@@ -8,6 +8,23 @@
     - packages
     - unbound
 
+- name: Create directory for zones
+  file:
+    path: /etc/unbound/zones
+    state: directory
+  tags:
+    - unbound
+
+- name: Install authoritative zone files
+  copy:
+    src: "{{ item.file }}"
+    dest: "/etc/unbound/zones/{{ item.zone }}zone"
+  loop: "{{ unbound_auth_zones }}"
+  notify:
+    - restart unbound
+  tags:
+    - unbound
+
 - name: Install unbound config
   template:
     src: unbound.conf.j2
diff --git a/unbound/templates/unbound.conf.j2 b/unbound/templates/unbound.conf.j2
index ff7cb81d34744f92410e97d8869e9494ddf5a770..404cc55c3aac6926cb38b1c1ee48a4613f4be80f 100644
--- a/unbound/templates/unbound.conf.j2
+++ b/unbound/templates/unbound.conf.j2
@@ -2,14 +2,29 @@ server:
 	interface: 0.0.0.0
 	interface: ::
 	prefetch: yes
-	{% for i in unbound_allowed_hosts %}
-	access-control: {{i}} allow
+	{% for i in unbound_allowed_hosts -%}
+	access-control: {{ i }} allow
+	{% endfor -%}
+	{% for i in unbound_auth_zones if i.local_zone_transparent|default(False) -%}
+	local-zone: {{ i.zone }} transparent
 	{% endfor %}
 
+remote-control:
+	control-enable: yes
+
 {% if unbound_upstream_hosts is defined and unbound_upstream_hosts %}
 forward-zone:
 	name: "."
-	{% for i in unbound_upstream_hosts %}
+	{% for i in unbound_upstream_hosts -%}
 	forward-addr: {{i}}
 	{% endfor %}
 {% endif %}
+
+{% for i in unbound_auth_zones -%}
+auth-zone:
+	name: {{ i.zone }}
+	zonefile: zones/{{ i.zone }}zone
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}