########################### Unbound Configuration##########################

1. ##########################
2. # Unbound Configuration
3. ##########################
4.  
5. ##
6. # Server configuration
7. ##
8. server:
9. chroot: /var/unbound
10. username: unbound
11. directory: /var/unbound
12. pidfile: /var/run/unbound.pid
13. root-hints: /var/unbound/root.hints
14. use-syslog: yes
15. port: 53
16. verbosity: 2
17. extended-statistics: no
18. log-queries: no
19. hide-identity: yes
20. hide-version: yes
21. harden-referral-path: no
22. do-ip4: yes
23. do-ip6: yes
24. do-udp: yes
25. do-tcp: yes
26. do-daemonize: yes
27. module-config: "validator iterator"
28. cache-max-ttl: 86400
29. cache-min-ttl: 900
30. harden-dnssec-stripped: no
31. serve-expired: yes
32. outgoing-num-tcp: 20
33. incoming-num-tcp: 20
34. num-queries-per-thread: 4096
35. outgoing-range: 8192
36. infra-host-ttl: 900
37. infra-cache-numhosts: 50000
38. unwanted-reply-threshold: 0
39. jostle-timeout: 200
40. msg-cache-size: 100m
41. rrset-cache-size: 200m
42. num-threads: 2
43. msg-cache-slabs: 4
44. rrset-cache-slabs: 4
45. infra-cache-slabs: 4
46. key-cache-slabs: 4
47.  
48. auto-trust-anchor-file: /var/unbound/root.key
49.  
50. prefetch: yes
51. prefetch-key: yes
52.  
53. # Interface IP(s) to bind to
54. interface: 0.0.0.0
55. interface: ::0
56. interface-automatic: yes
57.  
58.  
59.  
60. # DNS Rebinding
61. # For DNS Rebinding prevention
62. #
63. # All these addresses are either private or should not be routable in the global IPv4 or IPv6 internet.
64. #
65. # IPv4 Addresses
66. #
67. private-address: 0.0.0.0/8 # Broadcast address
68. private-address: 10.0.0.0/8
69. private-address: 100.64.0.0/10
70. private-address: 127.0.0.0/8 # Loopback Localhost
71. private-address: 169.254.0.0/16
72. private-address: 172.16.0.0/12
73. private-address: 192.0.2.0/24 # Documentation network TEST-NET
74. private-address: 192.168.0.0/16
75. private-address: 198.18.0.0/15 # Used for testing inter-network communications
76. private-address: 198.51.100.0/24 # Documentation network TEST-NET-2
77. private-address: 203.0.113.0/24 # Documentation network TEST-NET-3
78. private-address: 233.252.0.0/24 # Documentation network MCAST-TEST-NET
79. #
80. # IPv6 Addresses
81. #
82. private-address: ::1/128 # Loopback Localhost
83. private-address: 2001:db8::/32 # Documentation network IPv6
84. private-address: fc00::/8 # Unique local address (ULA) part of "fc00::/7", not defined yet
85. private-address: fd00::/8 # Unique local address (ULA) part of "fc00::/7", "/48" prefix group
86. private-address: fe80::/10 # Link-local address (LLA)
87. # Set private domains in case authoritative name server returns a Private IP address
88. private-domain: "voip.windtre.it"
89. domain-insecure: "voip.windtre.it"
90.  
91.  
92. # Access lists
93. include: /var/unbound/access_lists.conf
94.  
95. # Static host entries
96. include: /var/unbound/host_entries.conf
97.  
98. # DHCP leases (if configured)
99. include: /var/unbound/dhcpleases.conf
100.  
101. # Domain overrides
102. include: /var/unbound/domainoverrides.conf
103.  
104. # Custom includes (plugins)
105. include: /var/unbound/etc/*.conf
106.  
107.  
108.  
109.  
110.  
111. remote-control:
112. control-enable: yes
113. control-interface: 127.0.0.1
114. control-port: 953
115. server-key-file: /var/unbound/unbound_server.key
116. server-cert-file: /var/unbound/unbound_server.pem
117. control-key-file: /var/unbound/unbound_control.key
118. control-cert-file: /var/unbound/unbound_control.pem
119.