API tools faq
paste
Advertisement
Guest User

unbound.conf

a guest
Sep 8th, 2023
446
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.11 KB | None | 0 0
raw download clone embed print report
  1. server:
  2.  
  3. verbosity: 0
  4. use-syslog: no
  5. interface: 0.0.0.0
  6. port: 8053
  7. do-ip4: yes
  8. do-ip6: no
  9. do-udp: yes
  10. do-tcp: yes
  11.  
  12. # Access control list
  13. access-control: 10.0.0.185/8 allow_snoop
  14.  
  15. # Log
  16. log-queries: no
  17. log-replies: no
  18. log-tag-queryreply: no
  19. log-local-actions: no
  20.  
  21. # Use this only when you downloaded the list of primary root servers!
  22. root-hints: "/opt/unbound/etc/unbound/root.hints"
  23.  
  24. # Trust glue only if it is within the servers authority
  25. harden-glue: yes
  26.  
  27. # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
  28. harden-dnssec-stripped: yes
  29.  
  30. # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
  31. # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
  32. use-caps-for-id: no
  33.  
  34. # Reduce EDNS reassembly buffer size.
  35. # Suggested by the unbound man page to reduce fragmentation reassembly problems
  36. edns-buffer-size: 1472
  37.  
  38. # TTL bounds for cache
  39. cache-min-ttl: 900
  40. cache-max-ttl: 86400
  41.  
  42. # Perform prefetching of close to expired message cache entries
  43. # This only applies to domains that have been frequently queried
  44. prefetch: yes
  45.  
  46. # Ensure kernel buffer is large enough to not loose messages in traffic spikes
  47. #so-rcvbuf: 1m
  48.  
  49. # Ensure privacy of local IP ranges
  50. private-address: 192.168.0.0/16
  51. private-address: 192.168.1.0/16
  52. private-address: 172.16.0.0/12
  53. private-address: 10.0.0.0/8
  54.  
  55. # One thread should be sufficient, can be increased on beefy machines
  56. num-threads: 4
  57. num-queries-per-thread: 2048
  58.  
  59. # more cache memory, rrset=msg*2
  60. rrset-cache-size: 500m
  61. msg-cache-size: 250m
  62.  
  63. # more outgoing connections
  64. # depends on number of cores: 1024/cores - 50
  65. outgoing-range: 4096
  66.  
  67. # Larger socket buffer. OS may need config.
  68. so-sndbuf: 4m
  69.  
  70. # Faster UDP with multithreading (only on Linux).
  71. so-reuseport: yes
  72.  
  73. # infra-cache-numhosts: 10000
  74. infra-cache-numhosts: 100000
  75.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!