]>
Commit | Line | Data |
---|---|---|
d0e5f71f ML |
1 | # |
2 | # Unbound configuration file for IPFire | |
3 | # | |
4 | # The full documentation is available at: | |
e737776d | 5 | # https://nlnetlabs.nl/documentation/unbound/unbound.conf/ |
d0e5f71f ML |
6 | # |
7 | ||
8 | server: | |
b8f5eda8 MT |
9 | # Common Server Options |
10 | chroot: "" | |
11 | directory: "/etc/unbound" | |
12 | username: "nobody" | |
d0e5f71f | 13 | do-ip6: no |
d0e5f71f | 14 | |
b658a451 MT |
15 | # System Tuning |
16 | include: "/etc/unbound/tuning.conf" | |
17 | ||
b8f5eda8 | 18 | # Logging Options |
b8f5eda8 | 19 | use-syslog: yes |
d0e5f71f ML |
20 | log-time-ascii: yes |
21 | ||
22 | # Unbound Statistics | |
2e0660f9 | 23 | statistics-interval: 86400 |
d0e5f71f ML |
24 | extended-statistics: yes |
25 | ||
b658a451 | 26 | # Prefetching |
b8f5eda8 MT |
27 | prefetch: yes |
28 | prefetch-key: yes | |
29 | ||
b8f5eda8 | 30 | # Privacy Options |
d0e5f71f ML |
31 | hide-identity: yes |
32 | hide-version: yes | |
d0e5f71f | 33 | |
b8f5eda8 MT |
34 | # DNSSEC |
35 | auto-trust-anchor-file: "/var/lib/unbound/root.key" | |
b8f5eda8 | 36 | val-log-level: 1 |
e737776d | 37 | log-servfail: yes |
b8f5eda8 MT |
38 | |
39 | # Hardening Options | |
d0e5f71f | 40 | harden-large-queries: yes |
b8f5eda8 | 41 | harden-referral-path: yes |
8a058583 | 42 | aggressive-nsec: yes |
d0e5f71f | 43 | |
ffc46751 MT |
44 | # TLS |
45 | tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt | |
46 | ||
ffba3c98 PM |
47 | # Harden against DNS cache poisoning |
48 | unwanted-reply-threshold: 1000000 | |
49 | ||
1b4d5ad9 | 50 | # Listen on all interfaces |
d4af85f2 | 51 | interface-automatic: yes |
1b4d5ad9 MT |
52 | interface: 0.0.0.0 |
53 | ||
3ddad158 MT |
54 | # Allow access from everywhere |
55 | access-control: 0.0.0.0/0 allow | |
d0e5f71f | 56 | |
211b6bc1 JS |
57 | # Timeout behaviour |
58 | infra-keep-probing: yes | |
59 | ||
b8f5eda8 | 60 | # Bootstrap root servers |
d0e5f71f ML |
61 | root-hints: "/etc/unbound/root.hints" |
62 | ||
b8f5eda8 MT |
63 | # Include DHCP leases |
64 | include: "/etc/unbound/dhcp-leases.conf" | |
d0e5f71f | 65 | |
6137797c MT |
66 | # Include hosts |
67 | include: "/etc/unbound/hosts.conf" | |
68 | ||
b8f5eda8 MT |
69 | # Include any forward zones |
70 | include: "/etc/unbound/forward.conf" | |
d0e5f71f | 71 | |
d0e5f71f ML |
72 | remote-control: |
73 | control-enable: yes | |
9bc17600 | 74 | control-use-cert: no |
d0e5f71f | 75 | control-interface: 127.0.0.1 |
d0e5f71f | 76 | |
b8f5eda8 MT |
77 | # Import any local configurations |
78 | include: "/etc/unbound/local.d/*.conf" |