2 # Unbound configuration file for IPFire
4 # The full documentation is available at:
5 # https://www.unbound.net/documentation/unbound.conf.html
9 # Common Server Options
11 directory: "/etc/unbound"
19 do-not-query-localhost: yes
22 include: "/etc/unbound/tuning.conf"
31 statistics-interval: 86400
32 statistics-cumulative: yes
33 extended-statistics: yes
39 # Randomise any cached responses
45 qname-minimisation: yes
46 minimal-responses: yes
49 auto-trust-anchor-file: "/var/lib/unbound/root.key"
50 val-permissive-mode: no
51 val-clean-additional: yes
56 harden-short-bufsize: no
57 harden-large-queries: yes
58 harden-dnssec-stripped: yes
59 harden-below-nxdomain: yes
60 harden-referral-path: yes
61 harden-algo-downgrade: no
64 qname-minimisation: yes
67 tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
69 # EDNS Buffer Size (#12240)
70 edns-buffer-size: 1232
72 # Harden against DNS cache poisoning
73 unwanted-reply-threshold: 1000000
75 # Listen on all interfaces
76 interface-automatic: yes
79 # Allow access from everywhere
80 access-control: 0.0.0.0/0 allow
82 # Bootstrap root servers
83 root-hints: "/etc/unbound/root.hints"
86 include: "/etc/unbound/dhcp-leases.conf"
89 include: "/etc/unbound/hosts.conf"
91 # Include any forward zones
92 include: "/etc/unbound/forward.conf"
97 control-interface: 127.0.0.1
99 # Import any local configurations
100 include: "/etc/unbound/local.d/*.conf"