Return to unbound.conf CVS log

Up to [local] / src / etc

Add a new sample config file and rc.d script for unbound, ok deraadt@

# $OpenBSD: unbound.conf,v 1.1 2014/03/15 00:34:18 sthen Exp $

server:
	interface: 127.0.0.1
	#interface: 127.0.0.1@5353	# listen on alternative port
	interface: ::1
	#do-ip6: no

	access-control: 0.0.0.0/0 refuse
	access-control: 127.0.0.0/8 allow
	access-control: ::0/0 refuse
	access-control: ::1 allow

	hide-identity: yes
	hide-version: yes

	# Enable DNSSEC validation. Fetch a root key with unbound-anchor(8).
	#
	#module-config: "validator iterator"
	#auto-trust-anchor-file: "/var/unbound/etc/root.key"

	# Serve zones authoritatively from Unbound to resolver clients.
	# Not for external service. Note use of "nodefault" for AS112 zones,
	# i.e. reverse lookup zones for RFC1918 and similar addresses.
	#
	#local-zone: "local." static
	#local-data: "mycomputer.local. IN A 192.0.2.51"
	#local-zone: "2.0.192.in-addr.arpa." static nodefault
	#local-data-ptr: "192.0.2.51 mycomputer.local"

	# UDP EDNS reassembly buffer advertised to peers. Default 4096.
	# May need lowering on broken networks with fragmentation/MTU issues,
	# particularly if validating DNSSEC.
	#
	#edns-buffer-size: 1480

	# Use TCP for "forward-zone" requests. Useful if you are making
	# DNS requests over an SSH port forwarding.
	#
	#tcp-upstream: yes

# Use an upstream forwarder (recursive resolver) for specific zones.
# Example addresses given below are public resolvers valid as of 2014/03.
#
#forward-zone:
#	name: "."				# use for ALL queries
#	forward-addr: 74.82.42.42		# he.net
#	forward-addr: 2001:470:20::2		# he.net v6
#	forward-addr: 8.8.8.8			# google.com
#	forward-addr: 2001:4860:4860::8888	# google.com v6
#	forward-addr: 208.67.222.222		# opendns.com
#	forward-first: yes			# try direct if forwarder fails