diff --git a/roles/nginx/files/00-default-catch-all.conf b/roles/nginx/files/00-default-catch-all.conf
new file mode 100644
index 0000000..d406a74
--- /dev/null
+++ b/roles/nginx/files/00-default-catch-all.conf
@@ -0,0 +1,11 @@
+# This is the default catch-all server.
+# It handles any request for a domain that is not explicitly configured.
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    server_name _;
+
+    # Return a 404 Not Found error.
+    return 404;
+}
\ No newline at end of file
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index a9e763b..ee5ce8b 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -14,4 +14,13 @@
   ansible.builtin.file:
     path: /etc/nginx/sites-enabled/default
     state: absent
+  notify: Reload Nginx
+
+- name: "Create a default catch-all server block"
+  ansible.builtin.copy:
+    src: 00-default-catch-all.conf
+    dest: /etc/nginx/conf.d/00-default-catch-all.conf
+    owner: root
+    group: root
+    mode: '0644'
   notify: Reload Nginx
\ No newline at end of file