Annotation of src/etc/unbound.conf, Revision 1.3
1.3 ! sthen 1: # $OpenBSD: unbound.conf,v 1.2 2014/03/21 00:23:15 sthen Exp $
1.1 sthen 2:
3: server:
4: interface: 127.0.0.1
5: #interface: 127.0.0.1@5353 # listen on alternative port
6: interface: ::1
7: #do-ip6: no
8:
9: access-control: 0.0.0.0/0 refuse
10: access-control: 127.0.0.0/8 allow
11: access-control: ::0/0 refuse
12: access-control: ::1 allow
13:
14: hide-identity: yes
15: hide-version: yes
16:
1.2 sthen 17: # Uncomment to enable DNSSEC validation.
1.1 sthen 18: #
1.2 sthen 19: #auto-trust-anchor-file: "/var/unbound/db/root.key"
1.1 sthen 20:
21: # Serve zones authoritatively from Unbound to resolver clients.
22: # Not for external service. Note use of "nodefault" for AS112 zones,
23: # i.e. reverse lookup zones for RFC1918 and similar addresses.
24: #
25: #local-zone: "local." static
26: #local-data: "mycomputer.local. IN A 192.0.2.51"
27: #local-zone: "2.0.192.in-addr.arpa." static nodefault
28: #local-data-ptr: "192.0.2.51 mycomputer.local"
29:
30: # UDP EDNS reassembly buffer advertised to peers. Default 4096.
31: # May need lowering on broken networks with fragmentation/MTU issues,
32: # particularly if validating DNSSEC.
33: #
34: #edns-buffer-size: 1480
35:
36: # Use TCP for "forward-zone" requests. Useful if you are making
37: # DNS requests over an SSH port forwarding.
38: #
39: #tcp-upstream: yes
40:
41: # Use an upstream forwarder (recursive resolver) for specific zones.
42: # Example addresses given below are public resolvers valid as of 2014/03.
43: #
44: #forward-zone:
45: # name: "." # use for ALL queries
46: # forward-addr: 74.82.42.42 # he.net
47: # forward-addr: 2001:470:20::2 # he.net v6
48: # forward-addr: 8.8.8.8 # google.com
49: # forward-addr: 2001:4860:4860::8888 # google.com v6
50: # forward-addr: 208.67.222.222 # opendns.com
51: # forward-first: yes # try direct if forwarder fails