unbound.conf

1. ##########################
2. # Unbound Configuration
3. ##########################
4.  
5. ##
6. # Server configuration
7. ##
8. server:
9. chroot: /var/unbound
10. username: unbound
11. directory: /var/unbound
12. pidfile: /var/run/unbound.pid
13. root-hints: /var/unbound/root.hints
14. use-syslog: yes
15. port: 5555
16. include: /var/unbound/advanced.conf
17. harden-referral-path: no
18. do-ip4: yes
19. do-ip6: yes
20. do-udp: yes
21. do-tcp: yes
22. do-daemonize: yes
23. so-reuseport: yes
24. module-config: "python dns64 validator iterator"
25. num-threads: 4
26. msg-cache-slabs: 8
27. rrset-cache-slabs: 8
28. infra-cache-slabs: 8
29. key-cache-slabs: 8
30. auto-trust-anchor-file: /var/unbound/root.key
31.  
32.  
33.  
34. # Interface IP(s) to bind to
35. interface: 127.0.0.1
36. interface: ::1
37. interface: fe80::1%lo0
38. interface: 192.168.1.10
39. interface: fe80::a236:9fff:fe09:763a%igb0
40. interface: 192.168.2.1
41. interface: fe80::d65d:64ff:fe03:71fd%re0
42. interface: 172.16.3.77
43. interface: fe80::a236:9fff:fe09:763b%igb1
44.  
45.  
46.  
47. # Private networks for DNS Rebinding prevention (when enabled)
48. private-address: 0.0.0.0/8
49. private-address: 192.168.0.0/16
50. private-address: 198.18.0.0/15
51. private-address: ::1/128
52. private-address: 2001:db8::/32
53. private-address: fc00::/8
54. private-address: fd00::/8
55. private-address: fe80::/10
56.  
57.  
58. # Private domains (DNS Rebinding)
59. include: /var/unbound/private_domains.conf
60.  
61.  
62.  
63. root@OPNsense:~ # cat /var/unbound/unbound.conf
64. ##########################
65. # Unbound Configuration
66. ##########################
67.  
68. ##
69. # Server configuration
70. ##
71. server:
72. chroot: /var/unbound
73. username: unbound
74. directory: /var/unbound
75. pidfile: /var/run/unbound.pid
76. root-hints: /var/unbound/root.hints
77. use-syslog: yes
78. port: 5555
79. include: /var/unbound/advanced.conf
80. harden-referral-path: no
81. do-ip4: yes
82. do-ip6: yes
83. do-udp: yes
84. do-tcp: yes
85. do-daemonize: yes
86. so-reuseport: yes
87. module-config: "python dns64 validator iterator"
88. num-threads: 4
89. msg-cache-slabs: 8
90. rrset-cache-slabs: 8
91. infra-cache-slabs: 8
92. key-cache-slabs: 8
93. auto-trust-anchor-file: /var/unbound/root.key
94.  
95.  
96.  
97. # Interface IP(s) to bind to
98. interface: 127.0.0.1
99. interface: ::1
100. interface: fe80::1%lo0
101. interface: 192.168.1.10
102. interface: fe80::a236:9fff:fe09:763a%igb0
103. interface: 192.168.2.1
104. interface: fe80::d65d:64ff:fe03:71fd%re0
105. interface: 172.16.3.77
106. interface: fe80::a236:9fff:fe09:763b%igb1
107.  
108.  
109.  
110. # Private networks for DNS Rebinding prevention (when enabled)
111. private-address: 0.0.0.0/8
112. private-address: 192.168.0.0/16
113. private-address: 198.18.0.0/15
114. private-address: ::1/128
115. private-address: 2001:db8::/32
116. private-address: fc00::/8
117. private-address: fd00::/8
118. private-address: fe80::/10
119.  
120.  
121. # Private domains (DNS Rebinding)
122. include: /var/unbound/private_domains.conf
123.  
124. # Static host entries
125. include: /var/unbound/host_entries.conf
126.  
127. # DHCP leases (if configured)
128. include: /var/unbound/dhcpleases.conf
129.  
130. # Custom includes
131. include: /var/unbound/etc/*.conf
132.  
133.  
134.  
135. python:
136. python-script: dnsbl_module.py
137.  
138. remote-control:
139. control-enable: yes
140. control-interface: 127.0.0.1
141. control-port: 953
142. server-key-file: /var/unbound/unbound_server.key
143. server-cert-file: /var/unbound/unbound_server.pem
144. control-key-file: /var/unbound/unbound_control.key
145. control-cert-file: /var/unbound/unbound_control.pem
146. root@OPNsense:~ # cat /var/unbound/unbound.conf
147. ##########################
148. # Unbound Configuration
149. ##########################
150.  
151. ##
152. # Server configuration
153. ##
154. server:
155. chroot: /var/unbound
156. username: unbound
157. directory: /var/unbound
158. pidfile: /var/run/unbound.pid
159. root-hints: /var/unbound/root.hints
160. use-syslog: yes
161. port: 5555
162. include: /var/unbound/advanced.conf
163. harden-referral-path: no
164. do-ip4: yes
165. do-ip6: yes
166. do-udp: yes
167. do-tcp: yes
168. do-daemonize: yes
169. so-reuseport: yes
170. module-config: "python dns64 validator iterator"
171. num-threads: 4
172. msg-cache-slabs: 8
173. rrset-cache-slabs: 8
174. infra-cache-slabs: 8
175. key-cache-slabs: 8
176. auto-trust-anchor-file: /var/unbound/root.key
177.  
178.  
179.  
180. # Interface IP(s) to bind to
181. interface: 127.0.0.1
182. interface: ::1
183. interface: fe80::1%lo0
184. interface: 192.168.1.10
185. interface: fe80::a236:9fff:fe09:763a%igb0
186. interface: 192.168.2.1
187. interface: fe80::d65d:64ff:fe03:71fd%re0
188. interface: 172.16.3.77
189. interface: fe80::a236:9fff:fe09:763b%igb1
190.  
191.  
192.  
193. # Private networks for DNS Rebinding prevention (when enabled)
194. private-address: 0.0.0.0/8
195. private-address: 192.168.0.0/16
196. private-address: 198.18.0.0/15
197. private-address: ::1/128
198. private-address: 2001:db8::/32
199. private-address: fc00::/8
200. private-address: fd00::/8
201. private-address: fe80::/10
202.  
203.  
204. # Private domains (DNS Rebinding)
205. include: /var/unbound/private_domains.conf
206.  
207. # Static host entries
208. include: /var/unbound/host_entries.conf
209.  
210. # DHCP leases (if configured)
211. include: /var/unbound/dhcpleases.conf
212.  
213. # Custom includes
214. include: /var/unbound/etc/*.conf
215.  
216.  
217.  
218. python:
219. python-script: dnsbl_module.py
220.  
221. remote-control:
222. control-enable: yes
223. control-interface: 127.0.0.1
224. control-port: 953
225. server-key-file: /var/unbound/unbound_server.key
226. server-cert-file: /var/unbound/unbound_server.pem
227. control-key-file: /var/unbound/unbound_control.key
228. control-cert-file: /var/unbound/unbound_control.pem
229.