-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathlocal.conf
80 lines (77 loc) · 2.24 KB
/
local.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
server:
verbosity: 1
statistics-interval: 0
statistics-cumulative: no
extended-statistics: yes
num-threads: 6
serve-expired: yes
interface: 127.0.0.1
interface: 10.0.0.1
interface: 10.10.10.10
interface: 10.10.10.11
interface: 2001:db8:8000::10
interface: 2001:db8:8000::11
interface: ::1
interface-automatic: no
outgoing-interface: 10.0.0.1
outgoing-interface: 2001:db8:8000:cafe::130
outgoing-range: 8192
outgoing-num-tcp: 1024
incoming-num-tcp: 2048
so-rcvbuf: 4m
so-sndbuf: 4m
so-reuseport: yes
edns-buffer-size: 1232
msg-cache-size: 1G
msg-cache-slabs: 4
num-queries-per-thread: 4096
rrset-cache-size: 2G
rrset-cache-slabs: 4
infra-cache-slabs: 4
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
chroot: ""
username: "unbound"
directory: "/etc/unbound"
logfile: "/var/log/unbound/unbound.log"
use-syslog: no
log-time-ascii: yes
log-queries: no
pidfile: "/var/run/unbound.pid"
root-hints: "/usr/share/dns/root.hints"
hide-identity: yes
hide-version: yes
unwanted-reply-threshold: 10000000
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
module-config: "respip validator iterator"
val-clean-additional: yes
val-log-level: 1
key-cache-slabs: 4
deny-any: yes
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/12 allow
access-control: 192.168.0.0/16 allow
rpz:
name: rpz.block.host.local.zone
zonefile: /etc/unbound/rpz.block.hosts.zone
rpz-action-override: nxdomain
python:
auth-zone:
name: "."
master: "b.root-servers.net"
master: "c.root-servers.net"
master: "d.root-servers.net"
master: "f.root-servers.net"
master: "g.root-servers.net"
master: "k.root-servers.net"
master: "lax.xfr.dns.icann.org"
master: "iad.xfr.dns.icann.org"
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: "/var/lib/unbound/root.zone"