Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server:
- module-config: "validator iterator"
- username: "_unbound"
- directory: "/usr/local/unbound"
- chroot: "/usr/local/unbound"
- do-daemonize: no
- tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
- root-hints: /usr/local/unbound/root.hints
- auto-trust-anchor-file: "/usr/local/unbound/root.key"
- trust-anchor-signaling: yes
- # ACCESS CONTROL
- access-control: 127.0.0.0/8 allow
- access-control: 192.168.0.0/16 allow
- access-control: 172.16.0.0/12 allow
- access-control: 10.0.0.0/8 allow
- access-control: 172.16.0.253 allow
- access-control: 0.0.0.0/0 allow
- access-control: fc00::/7 deny
- access-control: ::1/128 deny
- access-control: ::0/0 deny
- access-control: ::ffff:127.0.0.1 deny
- # INTERFACES
- interface: 127.0.0.1@53
- #interface: ::1@53
- interface: 0.0.0.0@5335
- #interface: ::0@5335
- #outgoing-interface: 0.0.0.0
- so-reuseport: yes
- do-ip4: yes
- do-ip6: no
- do-tcp: yes
- do-udp: yes
- udp-connect: yes
- prefer-ip4: yes
- prefer-ip6: no
- # LOGGING
- use-syslog: no
- log-time-ascii: yes
- logfile: "/usr/local/unbound/log.d/unbound.log"
- log-local-actions: no
- log-queries: no
- log-replies: no
- log-servfail: yes
- val-log-level: 2
- verbosity: 1
- # PERFORMANCE
- num-threads: 2
- num-queries-per-thread: 4096
- cache-max-ttl: 86400
- cache-min-ttl: 0
- edns-buffer-size: 1472
- rrset-roundrobin: yes
- neg-cache-size: 4M
- delay-close: 10000
- rrset-cache-size: 256m
- rrset-cache-slabs: 4
- ratelimit: 1000
- unwanted-reply-threshold: 10000
- infra-cache-slabs: 4
- infra-cache-numhosts: 100000
- msg-cache-size: 256m
- msg-cache-slabs: 4
- key-cache-size: 4m
- key-cache-slabs: 4
- prefetch: yes
- prefetch-key: yes
- serve-expired: yes
- max-udp-size: 4096
- msg-buffer-size: 65552
- stream-wait-size: 4m
- outgoing-range: 32768
- outgoing-port-permit: 32768
- do-not-query-localhost: no
- unblock-lan-zones: no
- insecure-lan-zones: yes
- private-domain: "yourdomain.lan."
- private-domain: "0.168.192.in-addr.arpa."
- domain-insecure: "yourdomain.lan."
- domain-insecure: "0.168.192.in-addr.arpa."
- private-address: 10.0.0.0/8
- private-address: 172.16.0.0/12
- private-address: 192.168.0.0/16
- private-address: 169.254.0.0/16
- private-address: fd00::/8
- private-address: fe80::/10
- private-address: ::ffff:0:0/96
- hide-identity: yes
- identity: "server"
- hide-version: yes
- version: ""
- aggressive-nsec: yes
- qname-minimisation: yes
- qname-minimisation-strict: no
- disable-dnssec-lame-check: no
- hide-trustanchor: yes
- harden-algo-downgrade: yes
- harden-below-nxdomain: yes
- harden-dnssec-stripped: yes
- harden-glue: yes
- harden-large-queries: yes
- harden-referral-path: yes
- harden-short-bufsize: yes
- minimal-responses: yes
- deny-any: yes
- use-caps-for-id: yes
- val-clean-additional: yes
- val-max-restart: 5
- root-key-sentinel: yes
- zonemd-permissive-mode: no
- # REMOTE CONTROL
- remote-control:
- control-enable: no
- control-use-cert: no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement