|
1
|
##########################
|
|
2
|
# Unbound Configuration
|
|
3
|
##########################
|
|
4
|
|
|
5
|
##
|
|
6
|
# Server configuration
|
|
7
|
##
|
|
8
|
server:
|
|
9
|
|
|
10
|
chroot: /var/unbound
|
|
11
|
username: "unbound"
|
|
12
|
directory: "/var/unbound"
|
|
13
|
pidfile: "/var/run/unbound.pid"
|
|
14
|
use-syslog: yes
|
|
15
|
port: 53
|
|
16
|
verbosity: 5
|
|
17
|
hide-identity: yes
|
|
18
|
hide-version: yes
|
|
19
|
harden-glue: yes
|
|
20
|
do-ip4: yes
|
|
21
|
do-ip6: yes
|
|
22
|
do-udp: yes
|
|
23
|
do-tcp: yes
|
|
24
|
do-daemonize: yes
|
|
25
|
module-config: "validator iterator"
|
|
26
|
unwanted-reply-threshold: 0
|
|
27
|
num-queries-per-thread: 512
|
|
28
|
jostle-timeout: 200
|
|
29
|
infra-host-ttl: 900
|
|
30
|
infra-cache-numhosts: 10000
|
|
31
|
outgoing-num-tcp: 10
|
|
32
|
incoming-num-tcp: 10
|
|
33
|
edns-buffer-size: 4096
|
|
34
|
cache-max-ttl: 86400
|
|
35
|
cache-min-ttl: 0
|
|
36
|
harden-dnssec-stripped: yes
|
|
37
|
msg-cache-size: 4m
|
|
38
|
rrset-cache-size: 8m
|
|
39
|
|
|
40
|
num-threads: 4
|
|
41
|
msg-cache-slabs: 4
|
|
42
|
rrset-cache-slabs: 4
|
|
43
|
infra-cache-slabs: 4
|
|
44
|
key-cache-slabs: 4
|
|
45
|
outgoing-range: 4096
|
|
46
|
#so-rcvbuf: 4m
|
|
47
|
auto-trust-anchor-file: /var/unbound/root.key
|
|
48
|
prefetch: no
|
|
49
|
prefetch-key: no
|
|
50
|
use-caps-for-id: no
|
|
51
|
serve-expired: no
|
|
52
|
# Statistics
|
|
53
|
# Unbound Statistics
|
|
54
|
statistics-interval: 0
|
|
55
|
extended-statistics: yes
|
|
56
|
statistics-cumulative: yes
|
|
57
|
|
|
58
|
# TLS Configuration
|
|
59
|
tls-cert-bundle: "/etc/ssl/cert.pem"
|
|
60
|
|
|
61
|
# Interface IP(s) to bind to
|
|
62
|
interface: 10.90.90.1
|
|
63
|
interface: 192.168.1.1
|
|
64
|
interface: 127.0.0.1
|
|
65
|
interface: ::1
|
|
66
|
|
|
67
|
# Outgoing interfaces to be used
|
|
68
|
outgoing-interface: 10.90.90.1
|
|
69
|
|
|
70
|
# DNS Rebinding
|
|
71
|
# For DNS Rebinding prevention
|
|
72
|
private-address: 10.0.0.0/8
|
|
73
|
private-address: ::ffff:a00:0/104
|
|
74
|
private-address: 172.16.0.0/12
|
|
75
|
private-address: ::ffff:ac10:0/108
|
|
76
|
private-address: 169.254.0.0/16
|
|
77
|
private-address: ::ffff:a9fe:0/112
|
|
78
|
private-address: 192.168.0.0/16
|
|
79
|
private-address: ::ffff:c0a8:0/112
|
|
80
|
private-address: fd00::/8
|
|
81
|
private-address: fe80::/10
|
|
82
|
# Set private domains in case authoritative name server returns a Private IP address
|
|
83
|
private-domain: "domain1.local."
|
|
84
|
domain-insecure: "domain1.local."
|
|
85
|
private-domain: "domain2.local"
|
|
86
|
domain-insecure: "domain2.local"
|
|
87
|
|
|
88
|
|
|
89
|
# Access lists
|
|
90
|
include: /var/unbound/access_lists.conf
|
|
91
|
|
|
92
|
# Static host entries
|
|
93
|
include: /var/unbound/host_entries.conf
|
|
94
|
|
|
95
|
# dhcp lease entries
|
|
96
|
include: /var/unbound/dhcpleases_entries.conf
|
|
97
|
|
|
98
|
|
|
99
|
|
|
100
|
# Domain overrides
|
|
101
|
include: /var/unbound/domainoverrides.conf
|
|
102
|
|
|
103
|
|
|
104
|
|
|
105
|
|
|
106
|
###
|
|
107
|
# Remote Control Config
|
|
108
|
###
|
|
109
|
include: /var/unbound/remotecontrol.conf
|
