Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server:
- statistics-cumulative: yes
- port: 53
- prefer-ip6: no
- do-ip6: no
- do-ip4: yes
- do-udp: yes
- do-tcp: yes
- tcp-upstream: no
- #threads and memory(maybe change 4->2 for android and 32->8or4)
- num-threads: 4
- so-reuseport: yes #unsure if works on android(improves multithreading port usage)
- msg-cache-size: 32m
- msg-cache-slabs: 4
- rrset-cache-size: 32m
- rrset-cache-slabs: 4
- infra-host-ttl: 900
- infra-cache-slabs: 4
- infra-cache-numhosts: 30000
- key-cache-size: 32m
- key-cache-slabs: 4
- neg-cache-size: 32m
- #maybe irrelevant for android
- use-systemd: no
- do-daemonize: no
- #only allow localhost requests
- access-control: 0.0.0.0/0 refuse
- access-control: 127.0.0.0/8 allow
- #prevent dns rebind attacks(strip any occurances of these addresses from dns results)
- private-address: 192.168.0.0/16
- private-address: 127.0.0.0/8
- private-address: 10.0.0.0/8
- private-address: 172.16.0.0/12
- #block all ipv6 since not being used and can possibly circumvent above blocks
- private-address: ::/0
- #ad block list
- include: /etc/unbound/adb.list
- #probably change "" to "unbound" to be more contained but it wasn't important to me
- chroot: ""
- username: ""
- directory: "/etc/unbound"
- use-syslog: yes
- target-fetch-policy: "3 2 1 0 0"
- harden-short-bufsize: yes
- harden-large-queries: yes
- harden-glue: yes
- harden-dnssec-stripped: no
- qname-minimisation: yes
- #prefetch cache entries
- prefetch: yes
- #but not dnssec keys
- prefetch-key: no
- rrset-roundrobin: yes
- minimal-responses: yes
- disable-dnssec-lame-check: yes
- #no dnssec(faster less cpu & i think cloudflare and quad9 do their own dnssec check)
- module-config: "iterator"
- #save expired(0ttl) entries in the cache and serve the cache upon request while also updating the cache afterwards
- serve-expired: yes
- unblock-lan-zones: no
- remote-control:
- #unbound-control commandline usable via localhost
- control-enable: yes
- control-use-cert: no
- forward-zone:
- name: "."
- forward-addr: 1.1.1.1@853 # Cloudflare primary
- forward-addr: 1.0.0.1@853 # Cloudflare secondary
- forward-addr: 9.9.9.9@853 #quad9
- forward-addr: 149.112.112.112@853 #quad9
- forward-ssl-upstream: yes
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement