Annotation of src/etc/unbound.conf, Revision 1.7
1.7 ! sthen 1: # $OpenBSD: unbound.conf,v 1.6 2015/12/15 20:26:55 sthen Exp $
1.1 sthen 2:
3: server:
4: interface: 127.0.0.1
5: #interface: 127.0.0.1@5353 # listen on alternative port
6: interface: ::1
7: #do-ip6: no
1.7 ! sthen 8:
! 9: # override the default "any" address to send queries; if multiple
! 10: # addresses are available, they are used randomly to counter spoofing
! 11: #outgoing-interface: 192.0.2.1
! 12: #outgoing-interface: 2001:db8::53
1.1 sthen 13:
14: access-control: 0.0.0.0/0 refuse
15: access-control: 127.0.0.0/8 allow
16: access-control: ::0/0 refuse
17: access-control: ::1 allow
18:
19: hide-identity: yes
20: hide-version: yes
21:
1.6 sthen 22: # Uncomment to enable qname minimisation.
23: # https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
24: #
25: # qname-minimisation: yes
26:
1.2 sthen 27: # Uncomment to enable DNSSEC validation.
1.1 sthen 28: #
1.2 sthen 29: #auto-trust-anchor-file: "/var/unbound/db/root.key"
1.1 sthen 30:
31: # Serve zones authoritatively from Unbound to resolver clients.
1.4 millert 32: # Not for external service.
1.1 sthen 33: #
34: #local-zone: "local." static
35: #local-data: "mycomputer.local. IN A 192.0.2.51"
1.4 millert 36: #local-zone: "2.0.192.in-addr.arpa." static
1.1 sthen 37: #local-data-ptr: "192.0.2.51 mycomputer.local"
38:
39: # UDP EDNS reassembly buffer advertised to peers. Default 4096.
40: # May need lowering on broken networks with fragmentation/MTU issues,
41: # particularly if validating DNSSEC.
42: #
43: #edns-buffer-size: 1480
44:
45: # Use TCP for "forward-zone" requests. Useful if you are making
46: # DNS requests over an SSH port forwarding.
47: #
48: #tcp-upstream: yes
1.6 sthen 49:
50: # DNS64 options, synthesizes AAAA records for hosts that don't have
51: # them. For use with NAT64 (PF "af-to").
52: #
53: #module-config: "dns64 validator iterator"
54: #dns64-prefix: 64:ff9b::/96 # well-known prefix (default)
55: #dns64-synthall: no
1.5 sthen 56:
57: remote-control:
58: control-enable: yes
59: control-use-cert: no
60: control-interface: /var/run/unbound.sock
1.1 sthen 61:
62: # Use an upstream forwarder (recursive resolver) for specific zones.
63: # Example addresses given below are public resolvers valid as of 2014/03.
64: #
65: #forward-zone:
66: # name: "." # use for ALL queries
67: # forward-addr: 74.82.42.42 # he.net
68: # forward-addr: 2001:470:20::2 # he.net v6
69: # forward-addr: 8.8.8.8 # google.com
70: # forward-addr: 2001:4860:4860::8888 # google.com v6
71: # forward-addr: 208.67.222.222 # opendns.com
72: # forward-first: yes # try direct if forwarder fails