diff --git a/defaults/main.yml b/defaults/main.yml
index 380b745..4f81bad 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,4 +9,5 @@ repo_state: "{{ powerdns_recursor__state }}"
 forward_lst: "{{ powerdns_recursor.forward_lst | default ([]) }}"
 #  domain: auth_server_ip
 nta_lst: "{{ powerdns_recursor.nta_lst | default([]) }}"
+allow_lst: "{{ powerdns_recursor.allow_lst | default (['127.0.0.0/8', '10.0.0.0/8']) }}"
 root_cached: "{{ powerdns_recursor.root_cached | default('file') }}"
diff --git a/templates/etc/powerdns/recursor.d/allow.lst.j2 b/templates/etc/powerdns/recursor.d/allow.lst.j2
index 5c994f2..652fd7f 100644
--- a/templates/etc/powerdns/recursor.d/allow.lst.j2
+++ b/templates/etc/powerdns/recursor.d/allow.lst.j2
@@ -1,6 +1,8 @@
 #
 # WARNING: auto-generated by Ansible powerdns-recursor role.
 #
-127.0.0.0/8
-100.64.0.0/10
-169.254.0.0/16
+{% if allow_lst is defined and allow_lst | length > 0 %}
+{% for allowed_addr in allow_lst %}
+{{ allowed_addr }}
+{% endfor %}
+{% endif %}