Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server:
- verbosity: 0
- use-syslog: no
- interface: 0.0.0.0
- port: 8053
- do-ip4: yes
- do-ip6: no
- do-udp: yes
- do-tcp: yes
- # Access control list
- access-control: 10.0.0.185/8 allow_snoop
- # Log
- log-queries: no
- log-replies: no
- log-tag-queryreply: no
- log-local-actions: no
- # Use this only when you downloaded the list of primary root servers!
- root-hints: "/opt/unbound/etc/unbound/root.hints"
- # Trust glue only if it is within the servers authority
- harden-glue: yes
- # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
- harden-dnssec-stripped: yes
- # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
- # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
- use-caps-for-id: no
- # Reduce EDNS reassembly buffer size.
- # Suggested by the unbound man page to reduce fragmentation reassembly problems
- edns-buffer-size: 1472
- # TTL bounds for cache
- cache-min-ttl: 900
- cache-max-ttl: 86400
- # Perform prefetching of close to expired message cache entries
- # This only applies to domains that have been frequently queried
- prefetch: yes
- # Ensure kernel buffer is large enough to not loose messages in traffic spikes
- #so-rcvbuf: 1m
- # Ensure privacy of local IP ranges
- private-address: 192.168.0.0/16
- private-address: 192.168.1.0/16
- private-address: 172.16.0.0/12
- private-address: 10.0.0.0/8
- # One thread should be sufficient, can be increased on beefy machines
- num-threads: 4
- num-queries-per-thread: 2048
- # more cache memory, rrset=msg*2
- rrset-cache-size: 500m
- msg-cache-size: 250m
- # more outgoing connections
- # depends on number of cores: 1024/cores - 50
- outgoing-range: 4096
- # Larger socket buffer. OS may need config.
- so-sndbuf: 4m
- # Faster UDP with multithreading (only on Linux).
- so-reuseport: yes
- # infra-cache-numhosts: 10000
- infra-cache-numhosts: 100000
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement