Stop using OpenDNS

Ianw noticed problems on fedora29 with unbound. That resulted in a bug
filed upstream,
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4226. In this bug
the helpful unbound maintainers point out that OpenDNS servers are
having trouble with RRSIG records which leads to not validating dnssec
which we require in our unbound config.

Address this by switching to CloudFlare DNS which is supposed to be
super localized (aka responsive), and not record queries against it.
Also if we want to we can update our config to do dns over tls against
these servers.

Change-Id: I8137239c2f53381afd87d420a5fe44064c669f87
Clark Boylan 2019-02-08 09:37:45 -08:00
parent d16a4b86c8
commit 2ba7af7a34
2 changed files with 4 additions and 4 deletions

@ -11,7 +11,7 @@ usable IPv6 default route, otherwise IPv4.
**Role Variables**
.. zuul:rolevar:: unbound_primary_nameserver_v4
:default: 208.67.222.222 (OpenDNS)
:default: 1.1.1.1 (CloudFlare)
The primary IPv4 nameserver for fowarding requests
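Review bot: The description under unbound_primary_nameserver_v4 still says only "The primary IPv4 nameserver for fowarding requests", while the commit message gives failed DNSSEC validation against the old default as the reason for the change. Anyone overriding this variable can run into the same failure, so consider adding a sentence here stating that the forwarder must return RRSIG records correctly because the unbound config requires DNSSEC validation.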
@ -21,7 +21,7 @@ usable IPv6 default route, otherwise IPv4.
The secondary IPv4 nameserver for fowarding requests
.. zuul:rolevar:: unbound_primary_nameserver_v6
:default: 2620:0:ccc::2 (OpenDNS)
:default: 2606:4700:4700::1111 (CloudFlare)
The primary IPv6 nameserver for fowarding requests
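Review bot: "fowarding" in the description lines of this hunk and the previous one is a typo for "forwarding"; since the adjacent :default: lines are being edited anyway, it could be fixed in the same change. The provider also styles its name "Cloudflare" rather than "CloudFlare", which applies to both new :default: labels.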

@ -1,6 +1,6 @@
# OpenDNS
unbound_primary_nameserver_v6: "2620:0:ccc::2"
unbound_primary_nameserver_v4: "208.67.222.222"
unbound_primary_nameserver_v6: "2606:4700:4700::1111"
unbound_primary_nameserver_v4: "1.1.1.1"
# Google
unbound_secondary_nameserver_v6: "2001:4860:4860::8888"
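Review bot: The "# OpenDNS" comment above the primary nameserver entries appears only as an unchanged line, and the summary of 4 additions and 4 deletions across the two files is fully accounted for by the address lines, so the comment seems to be left in place and now mislabels the 1.1.1.1 and 2606:4700:4700::1111 entries. Update it to name the new provider, in the same way the "# Google" comment labels the secondary entries.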