diff --git a/manifests/unbound.pp b/manifests/unbound.pp
new file mode 100644
index 0000000..19f4fd3
--- /dev/null
+++ b/manifests/unbound.pp
@@ -0,0 +1,36 @@
+# Parameters for the unbound DNS resolver
+class profile::unbound {
+ $has_local_cache = hiera('dns::local_cache')
+
+ $package = 'unbound'
+ $service = 'unbound'
+ $forwarders_file = '/etc/unbound/unbound.conf.d/forwarders.conf'
+
+ if $has_local_cache {
+ $forwarders = hiera('dns::forwarders')
+ $forward_zones = hiera('dns::forward_zones')
+
+ package {$package:
+ ensure => installed,
+ }
+
+ service {$service:
+ ensure => started,
+ enable => true,
+ require => [
+ Package[$package],
+ File[$forwarders_file],
+ ]
+ }
+
+ # uses variables $forwarders, $forward_zones
+ file {'/etc/unbound/unbound.conf.d/forwarders.conf':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ content => template('profile/unbound/forwarders.conf.erb'),
+ require => Package[$package],
+ notify => Service[$service],
+ }
+ }
+}
diff --git a/templates/unbound/forwarders.conf.erb b/templates/unbound/forwarders.conf.erb
new file mode 100644
index 0000000..34eb06d
--- /dev/null
+++ b/templates/unbound/forwarders.conf.erb
@@ -0,0 +1,13 @@
+forward-zone:
+ name: "."
+<% @forwarders.each do |forwarder| -%>
+ forward-addr: <%= forwarder %>
+<% end -%>
+
+<% @forward_zones.each do |zone, forwarders| -%>
+forward-zone:
+ name: "<%= zone %>."
+<% forwarders.each do |forwarder| -%>
+ forward-addr: <%= forwarder %>
+<% end -%>
+<% end -%>
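Review bot: The `file` resource for forwarders.conf sets `owner` and `group` but no `mode`, so Puppet leaves the permissions of an already-existing file untouched and falls back to its default only when it creates the file. This file decides where the host sends its DNS queries, so the manifest should pin the permissions with `mode => '0644',`. The resource is also titled with the literal path while the service's `require` refers to `File[$forwarders_file]`; titling it `file {$forwarders_file:` keeps the two from drifting apart if the path is ever changed.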
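Review bot: `forwarder` and `zone` are written into the configuration verbatim, so a Hiera value that is not a plain address or zone name ends up as extra directives or as a file unbound refuses to load. Examples are an embedded newline or a zone key that already ends in `.`, which renders as `name: "example.."`. Because the file resource in manifests/unbound.pp notifies the service, a bad value would restart the local resolver onto that file. The zone line can be normalised with `name: "<%= zone.chomp('.') %>."`. The manifest could also refuse to install an unparsable file by adding `validate_cmd => '/usr/sbin/unbound-checkconf %',` to the file resource (binary path assumed; confirm it for the target distribution and that the check accepts this fragment on its own), or by an equivalent check of the assembled configuration.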