harrypnyce

unbound-config

Sep 29th, 2019
  1. > Linux pihole2 4.19.66-v7+ #1253 SMP Thu Aug 15 11:49:46 BST 2019 armv7l GNU/Linux
  2.  
  3. server:
  4.     # If no logfile is specified, syslog is used
  5.     logfile: "/var/log/unbound/unbound.log"
  6.     verbosity: 2
  7.  
  8.     port: 5353
  9.     do-ip4: yes
  10.     do-udp: yes
  11.     do-tcp: yes
  12.  
  13.     # May be set to yes if you have IPv6 connectivity
  14.     do-ip6: no
  15.  
  16.     # Use this only when you downloaded the list of primary root servers!
  17.     root-hints: "/var/lib/unbound/root.hints"
  18.  
  19.     # Trust glue only if it is within the server's authority
  20.     harden-glue: yes
  21.  
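  22.     # Require DNSSEC data for trust-anchored zones; if such data is absent, the zone becomes BOGUS. This only has an effect when a trust anchor (e.g. auto-trust-anchor-file) is configured, and none is set in this listing.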
  23.     harden-dnssec-stripped: yes
  24.  
  25.     # Don't use capitalization randomization (0x20 encoding of query names), as it is known to cause DNSSEC issues sometimes. Note that this also turns off an anti-spoofing measure.
  26.     # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
  27.     use-caps-for-id: no
  28.  
  29.     # Reduce EDNS reassembly buffer size.
  30.     # Suggested by the unbound man page to reduce fragmentation reassembly problems; DNS Flag Day 2020 later recommended 1232 to avoid fragmentation altogether.
  31.     edns-buffer-size: 1472
  32.  
  33.     # Perform prefetching of close to expired message cache entries
  34.     # This only applies to domains that have been frequently queried
  35.     prefetch: yes
  36.  
  37.     # This attempts to reduce latency by serving the outdated record before
  38.     # updating it instead of the other way around. Alternative is to increase
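  39.     # cache-min-ttl to e.g. 3600. Either way, clients can keep getting an old answer for a while after the record was changed or withdrawn.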
  40.     cache-min-ttl: 0
  41.     serve-expired: yes
  42.     # serve-expired-ttl: 3600 # 0 or not set means unlimited (I think)
  43.  
  44.     # Use about 2x more for rrset cache, total memory use is about 2-2.5x
  45.     # total cache size. Current setting is way overkill for a small network.
  46.     # Judging from my used cache size you can get away with 8/16 and still
  47.     # have lots of room, but I've got the ram and I'm not using it on anything else.
  48.     # Default is 4m/4m
  49.     msg-cache-size: 128m
  50.     rrset-cache-size: 256m
  51.  
  52.     # One thread should be sufficient; can be increased on beefy machines (this config uses 2).
  53.     num-threads: 2
  54.  
  55.     # Ensure kernel buffer is large enough to not lose messages in traffic spikes
  56.     so-rcvbuf: 1m
  57.  
  58.     # Ensure privacy of local IP ranges: answers for public names that contain these addresses are stripped (DNS rebinding protection)
  59.     private-address: 192.168.0.0/16
  60.     private-address: 169.254.0.0/16
  61.     private-address: 172.16.0.0/12
  62.     private-address: 10.0.0.0/8
  63.     private-address: fd00::/8
  64.     private-address: fe80::/10
  65.  
  66.     # Allow this domain, and all its subdomains to contain private addresses.
  67.     private-domain: "lab.example.com"
  68.  
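  69.     # enable remote-control (a separate clause, not a server: option). By default it listens on localhost only and requires the keys made by unbound-control-setup; keep control-interface and control-use-cert at those defaults.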
  70.     remote-control:
  71.     control-enable: yes
  72.  
  73. # enable extended statistics.  REQUIRES: <https://www.zabbix.com/documentation/3.4/manual/concepts/sender>
  74. server:
  75.     statistics-interval: 0
  76.     extended-statistics: yes
  77.     # set to yes if graphing tool needs it
  78.     statistics-cumulative: yes