diff --git a/releasenotes/notes/Add-Unbound-forwarder-support-9bdc3ef54104ff30.yaml b/releasenotes/notes/Add-Unbound-forwarder-support-9bdc3ef54104ff30.yaml
new file mode 100644
index 000000000..c32956c07
--- /dev/null
+++ b/releasenotes/notes/Add-Unbound-forwarder-support-9bdc3ef54104ff30.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Adds support for Unbound to forward DNS resolution requests to other
+ DNS resolvers (DNS resolver forwarding).
diff --git a/tripleo_ansible/roles/tripleo_unbound/defaults/main.yml b/tripleo_ansible/roles/tripleo_unbound/defaults/main.yml
index cf38bd35b..d769eaaed 100644
--- a/tripleo_ansible/roles/tripleo_unbound/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_unbound/defaults/main.yml
@@ -25,3 +25,6 @@ tripleo_unbound_config_basedir: "/var/lib/config-data/ansible-generated/unbound"
 tripleo_unbound_allowed_cidrs: []
 tripleo_unbound_log_queries: false
 tripleo_unbound_security_harden: true
+tripleo_unbound_forward_resolvers: []
+tripleo_unbound_allow_recursion: true
+tripleo_unbound_forward_fallback: true
diff --git a/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml b/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml
index 22e971f2a..b5f83e8b5 100644
--- a/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo_unbound/tasks/main.yml
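Review bot: The three new variables at the end of the defaults hunk are undocumented, and with both booleans defaulting to `true` the forwarder template renders `forward-first: yes` as soon as `tripleo_unbound_forward_resolvers` is populated — the opposite of Unbound's own default, and it lets Unbound recurse directly to authoritative servers whenever a forwarder answers SERVFAIL, which bypasses a forwarder that enforces policy by failing queries. I would put a comment above each variable, e.g. `# Upstream resolvers (Unbound forward-addr values) for the "." forward-zone` and `# Together with tripleo_unbound_allow_recursion, renders forward-first: yes so Unbound recurses itself when the forwarders fail (SERVFAIL); set to false if the forwarders are a policy control point`, and consider defaulting `tripleo_unbound_forward_fallback` to `false` to match Unbound's default. In this patch `tripleo_unbound_allow_recursion` is only read by the forwarder template as a second gate on forward-first; if it is meant to govern recursion more broadly, the comment should say so.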
@@ -58,9 +58,21 @@ setype: container_file_t register: _unbound_config_result +- name: Create the TripleO Unbound forwarders configuration file + become: true + ansible.builtin.template: + src: tripleo-forwarder-unbound.conf.j2 + dest: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf" + mode: '0640' + selevel: s0 + setype: container_file_t + when: + - tripleo_unbound_forward_resolvers is defined and tripleo_unbound_forward_resolvers != "" + register: _unbound_fwd_config_result + - name: Restart Unbound when: - - _unbound_config_result.changed + - _unbound_config_result.changed or _unbound_fwd_config_result.changed block: - name: check if tripleo_unbound systemd service is active become: true diff --git a/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2 b/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2 new file mode 100644 index 000000000..efae8494c --- /dev/null +++ b/tripleo_ansible/roles/tripleo_unbound/templates/tripleo-forwarder-unbound.conf.j2 @@ -0,0 +1,25 @@ +# {{ ansible_managed }} +{# +This template is for the TripleO forwarder Unbound configuration file. + +No service specific settings should be made in this file. + +It will be placed in the /etc/unbound/conf.d directory and will override the +configuration settings provided in the base Unbound package from the +distribution. +#} +# +# These settings are made by TripleO, do not modify directly. +# The settings in this file will override the package provided settings. +# + +forward-zone: + name: "." +{% for forwarder in tripleo_unbound_forward_resolvers %} + forward-addr: {{ forwarder }} +{% endfor %} +{% if tripleo_unbound_forward_fallback and tripleo_unbound_allow_recursion %} + forward-first: yes +{% else %} + forward-first: no +{% endif %}
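Review bot: The `when:` on the new template task never excludes the default value: `tripleo_unbound_forward_resolvers` defaults to `[]`, and `[] != ""` is true, so the forwarder file is written and Unbound restarted on every run, rendering a `forward-zone` for "." with no `forward-addr` lines; the condition should be `tripleo_unbound_forward_resolvers | default([]) | length > 0`. Once a deployer clears the list the file is also left behind with its old forwarders, since nothing removes it; a companion `ansible.builtin.file` task with `state: absent` under the inverse condition, registered and folded into the restart condition, keeps the rendered config in step with the variable. The `_unbound_config_result.changed or _unbound_fwd_config_result.changed` test appears to work because a skipped task still registers `changed: false`, but `is changed` is the idiomatic form. The Restart Unbound block continues outside the hunk.
```yaml
  when:
    - tripleo_unbound_forward_resolvers | default([]) | length > 0
  register: _unbound_fwd_config_result

- name: Remove the TripleO Unbound forwarders configuration file when no resolvers are set
  become: true
  ansible.builtin.file:
    path: "{{ tripleo_unbound_config_basedir }}/tripleo-forwarder-unbound.conf"
    state: absent
  when:
    - tripleo_unbound_forward_resolvers | default([]) | length == 0
  register: _unbound_fwd_config_removed

- name: Restart Unbound
  when:
    - _unbound_config_result is changed or _unbound_fwd_config_result is changed or _unbound_fwd_config_removed is changed
  # … unchanged: restart block …
```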
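Review bot: `forward-first: yes` is what the `{% if %}` branch renders with the shipped defaults, and it tells Unbound to fall back to its own recursion when a forwarder answers SERVFAIL, so a forwarder that enforces policy by failing queries is silently bypassed; a Jinja comment above the branch would save the next reader a trip to unbound.conf(5), e.g. `{# forward-first: yes makes Unbound recurse directly when the forwarders fail; set tripleo_unbound_forward_fallback: false if the forwarders are a policy control point #}`. The forwarders are also reached in the clear: nothing in the forward-zone sets `forward-tls-upstream`, so if the resolvers sit beyond the host's trust boundary there is no transport protection — better recorded as a documented follow-up variable than left as an unstated gap. The header comment says the file is placed in /etc/unbound/conf.d, while the task writes it under `tripleo_unbound_config_basedir`; presumably the container maps one onto the other, and if so the comment should say that.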