version 1.14, 2018/12/16 20:41:30 |
version 1.15, 2019/07/15 10:18:20 |
|
|
# |
# |
#tcp-upstream: yes |
#tcp-upstream: yes |
|
|
|
# CA Certificates used for forward-tls-upstream (RFC7858) hostname |
|
# verification. Since it's outside the chroot it is only loaded at |
|
# startup and thus cannot be changed via a reload. |
|
#tls-cert-bundle: "/etc/ssl/cert.pem" |
|
|
remote-control: |
remote-control: |
control-enable: yes |
control-enable: yes |
control-interface: /var/run/unbound.sock |
control-interface: /var/run/unbound.sock |
|
|
# name: "." # use for ALL queries |
# name: "." # use for ALL queries |
# forward-addr: 192.0.2.53 # example address only |
# forward-addr: 192.0.2.53 # example address only |
# forward-first: yes # try direct if forwarder fails |
# forward-first: yes # try direct if forwarder fails |
|
|
|
# Use an upstream DNS-over-TLS forwarder and do not fall back to cleartext |
|
# if that fails. |
|
#forward-zone: |
|
# name: "." |
|
# forward-tls-upstream: yes # use DNS-over-TLS forwarder |
|
# forward-first: no # do NOT send direct |
|
# # the hostname after "#" is not a comment, it is used for TLS checks: |
|
# forward-addr: 192.0.2.53@953#resolver.hostname.example |