-
Notifications
You must be signed in to change notification settings - Fork 0
/
unbound.conf
98 lines (86 loc) · 2.26 KB
/
unbound.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
####### /var/unbound/etc/unbound.conf
server:
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: your_network_here/CIDR_prefix allow
access-control: ::0/0 refuse
access-control: ::1 allow
aggressive-nsec: yes
auto-trust-anchor-file: "/var/unbound/db/root.key"
cache-min-ttl: 300
cache-max-negative-ttl: 3600
cache-max-ttl: 86400
delay-close: 10000
do-ip4: yes
do-ip6: yes
do-not-query-localhost: no
do-tcp: yes
do-udp: yes
edns-buffer-size: 1472
harden-algo-downgrade: yes
harden-below-nxdomain: yes
harden-dnssec-stripped: yes
harden-glue: yes
harden-large-queries: yes
hide-identity: yes
hide-version: yes
include: "/var/unbound/etc/2pz-l1s7-8l4ckh4t-001.txt"
include: "/var/unbound/etc/2pz-l1s7-ph15h1n9-001.txt"
include: "/var/unbound/etc/2pz-l1s7-ph15h1n9-003.txt"
identity: "DNS"
infra-cache-slabs: 4
interface: your_ip_here
key-cache-slabs: 4
logfile: "/var/unbound/log/unbound.log"
log-time-ascii: yes
minimal-responses: yes
module-config: "respip validator iterator"
msg-cache-size: 50m
msg-cache-slabs: 4
neg-cache-size: 4m
num-queries-per-thread: 225
num-threads: 2
outgoing-range: 450
private-address: your_network_here/CIDR_prefix
qname-minimisation: yes
rrset-cache-size: 100m
rrset-cache-slabs: 4
rrset-roundrobin: yes
tcp-upstream: yes
tls-cert-bundle: "/etc/ssl/cert.pem"
unwanted-reply-threshold: 10000
val-clean-additional: yes
val-log-level: 2
verbosity: 2
forward-zone:
name: "."
forward-addr: 1.1.1.1@853
forward-addr: 2606:4700:4700::1001@853
forward-first: yes
forward-tls-upstream: yes
remote-control:
control-enable: yes
control-interface: /var/run/unbound.sock
control-use-cert: no
#rpz:
# name: "4d5-001"
# zonefile: "/var/unbound/etc/2pz-l1s7-4d5-001.txt"
rpz:
name: "71k70k-001"
zonefile: "/var/unbound/etc/2pz-l1s7-71k70k-001.txt"
#rpz:
# name: "94m811n9-001"
# zonefile: "/var/unbound/etc/2pz-l1s7-94m811n9-001.txt"
#rpz:
# name: "d0h-001"
# zonefile: "/var/unbound/etc/2pz-l1s7-d0h-001.txt"
#rpz:
# name: "p20n-001"
# zonefile: "/var/unbound/etc/2pz-l1s7-p20n-001.txt"
#rpz:
# name: "ph15h1n9-002"
# zonefile: "/var/unbound/etc/2pz-l1s7-ph15h1n9-002.txt"
#rpz:
# name: "y0u7u83-001"
# zonefile: "/var/unbound/etc/2pz-l1s7-y0u7u83-001.txt"
####### END