API tools faq
paste
Bimmou

Unbound config

Bimmou
Jan 1st, 2026
84
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.59 KB | None | 0 0
raw download clone embed print report
  1. server:
  2.  
  3. #log-queries: yes
  4. #log-replies: yes
  5. #log-serviced-queries: yes
  6. #logfile: "/var/log/unbound.log"
  7. #verbosity: 1
  8.  
  9. interface: 127.0.0.1
  10. interface: ::1
  11.  
  12. port: 5335
  13.  
  14. access-control: 127.0.0.1/32 allow
  15. access-control: ::1/128 allow
  16.  
  17. access-control: ::0/0 refuse
  18. access-control: 0.0.0.0/0 refuse
  19.  
  20. num-threads: 2
  21.  
  22. rrset-cache-slabs: 2
  23. msg-cache-slabs: 2
  24. infra-cache-slabs: 2
  25. key-cache-slabs: 2
  26.  
  27. do-ip4: yes
  28. do-ip6: yes
  29. prefer-ip6: no
  30. do-udp: yes
  31. do-tcp: yes
  32.  
  33. hide-identity: yes
  34. hide-version: yes
  35. harden-glue: yes
  36. harden-dnssec-stripped: yes
  37. use-caps-for-id: yes
  38. harden-algo-downgrade: yes
  39. harden-below-nxdomain: yes
  40. harden-referral-path: no
  41.  
  42. minimal-responses: yes
  43. qname-minimisation: yes
  44. qname-minimisation-strict: no
  45. fast-server-permil: 900
  46. fast-server-num: 3
  47. max-query-restarts: 11
  48.  
  49. rrset-roundrobin: yes
  50. rrset-cache-size: 256m
  51. msg-cache-size: 128m
  52. key-cache-size: 34m
  53. cache-min-ttl: 300
  54. cache-max-ttl: 86400
  55. infra-cache-numhosts: 50000
  56. neg-cache-size: 4m
  57.  
  58. serve-expired: yes
  59. serve-expired-ttl: 86400
  60. serve-expired-ttl-reset: yes
  61. serve-expired-reply-ttl: 30
  62. serve-expired-client-timeout: 1000
  63.  
  64. prefetch: yes
  65. prefetch-key: yes
  66.  
  67. edns-buffer-size: 1232
  68. max-udp-size: 1232
  69.  
  70. so-rcvbuf: 8m
  71. so-sndbuf: 8m
  72.  
  73. incoming-num-tcp: 100
  74. outgoing-num-tcp: 100
  75.  
  76. so-reuseport: yes
  77. aggressive-nsec: yes
  78.  
  79. ratelimit: 1000
  80. ip-ratelimit: 1000
  81.  
  82. outgoing-range: 8192
  83. num-queries-per-thread: 4096
  84. jostle-timeout: 200
  85.  
  86. infra-host-ttl: 600
  87. delay-close: 10000
  88.  
  89. target-fetch-policy: "3 2 1 1 1"
  90.  
  91. auto-trust-anchor-file: "/var/lib/unbound/root.key"
  92. trust-anchor-signaling: yes
  93. val-clean-additional: yes
  94. val-permissive-mode: no
  95.  
  96. unwanted-reply-threshold: 10000
  97.  
  98. root-hints: "/var/lib/unbound/root.hints"
  99.  
  100. module-config: "validator cachedb iterator"
  101.  
  102. private-address: 10.0.0.0/8
  103. private-address: 172.16.0.0/12
  104. private-address: 192.168.0.0/16
  105. private-address: 169.254.0.0/16
  106. private-address: fd00::/8
  107. private-address: fe80::/10
  108.  
  109. cachedb:
  110. backend: "redis"
  111. redis-server-host: 127.0.0.1
  112. redis-server-port: 6379
  113. redis-logical-db: 0
  114. redis-expire-records: no
  115.  
  116. remote-control:
  117. control-enable: yes
  118. control-interface: 127.0.0.1
  119. control-port: 8953
  120. server-key-file: "/etc/unbound/unbound_server.key"
  121. server-cert-file: "/etc/unbound/unbound_server.pem"
  122. control-key-file: "/etc/unbound/unbound_control.key"
  123. control-cert-file: "/etc/unbound/unbound_control.pem"
Tags: Unbound
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!