log-queries: no
# Unbound Statistics
- statistics-interval: 0
+ statistics-interval: 86400
statistics-cumulative: yes
extended-statistics: yes
harden-below-nxdomain: yes
harden-referral-path: yes
harden-algo-downgrade: no
- use-caps-for-id: no
+ use-caps-for-id: yes
+ aggressive-nsec: yes
- # Deny access from everywhere
- access-control: 0.0.0.0/0 refuse
+ # Harden against DNS cache poisoning
+ unwanted-reply-threshold: 1000000
- # Listen on localhost
- interface: 127.0.0.1
- access-control: 127.0.0.0/8 allow
+ # Listen on all interfaces
+ interface-automatic: yes
+ interface: 0.0.0.0
+
+ # Allow access from everywhere
+ access-control: 0.0.0.0/0 allow
# Bootstrap root servers
root-hints: "/etc/unbound/root.hints"
- # IPFire interface configuration
- include: "/etc/unbound/interfaces.conf"
- interface-automatic: no
-
# Include DHCP leases
include: "/etc/unbound/dhcp-leases.conf"