Return to unbound.conf CVS log

Up to [local] / src / etc

Annotation of src/etc/unbound.conf, Revision 1.10

1.10    ! sthen       1: # $OpenBSD: unbound.conf,v 1.9 2018/12/07 09:21:08 florian Exp $
1.1       sthen       2:
                      3: server:
                      4:        interface: 127.0.0.1
                      5:        #interface: 127.0.0.1@5353      # listen on alternative port
                      6:        interface: ::1
                      7:        #do-ip6: no
1.7       sthen       8:
                      9:        # override the default "any" address to send queries; if multiple
                     10:        # addresses are available, they are used randomly to counter spoofing
                     11:        #outgoing-interface: 192.0.2.1
                     12:        #outgoing-interface: 2001:db8::53
1.1       sthen      13:
                     14:        access-control: 0.0.0.0/0 refuse
                     15:        access-control: 127.0.0.0/8 allow
                     16:        access-control: ::0/0 refuse
                     17:        access-control: ::1 allow
                     18:
                     19:        hide-identity: yes
                     20:        hide-version: yes
                     21:
1.10    ! sthen      22:        # Uncomment to enable qname minimisation.  RFC 7816
1.8       florian    23:        #qname-minimisation: yes
1.6       sthen      24:
1.9       florian    25:        # Enable DNSSEC validation.
                     26:        auto-trust-anchor-file: "/var/unbound/db/root.key"
                     27:        val-log-level: 2
1.8       florian    28:
1.9       florian    29:        # Synthesize NXDOMAINs from DNSSEC NSEC chains.  RFC 8198
                     30:        aggressive-nsec: yes
1.1       sthen      31:
                     32:        # Serve zones authoritatively from Unbound to resolver clients.
1.4       millert    33:        # Not for external service.
1.1       sthen      34:        #
                     35:        #local-zone: "local." static
                     36:        #local-data: "mycomputer.local. IN A 192.0.2.51"
1.4       millert    37:        #local-zone: "2.0.192.in-addr.arpa." static
1.1       sthen      38:        #local-data-ptr: "192.0.2.51 mycomputer.local"
                     39:
                     40:        # UDP EDNS reassembly buffer advertised to peers. Default 4096.
                     41:        # May need lowering on broken networks with fragmentation/MTU issues,
                     42:        # particularly if validating DNSSEC.
                     43:        #
                     44:        #edns-buffer-size: 1480
                     45:
                     46:        # Use TCP for "forward-zone" requests. Useful if you are making
                     47:        # DNS requests over an SSH port forwarding.
                     48:        #
                     49:        #tcp-upstream: yes
1.6       sthen      50:
1.5       sthen      51: remote-control:
                     52:        control-enable: yes
                     53:        control-use-cert: no
                     54:        control-interface: /var/run/unbound.sock
1.1       sthen      55:
1.10    ! sthen      56: # Use an upstream forwarder (recursive resolver) for some or all zones.
1.1       sthen      57: #
                     58: #forward-zone:
                     59: #      name: "."                               # use for ALL queries
1.10    ! sthen      60: #      forward-addr: 192.0.2.53                # example address only
1.1       sthen      61: #      forward-first: yes                      # try direct if forwarder fails