Commit | Line | Data |
---|---|---|
1 | # | |
2 | # Unbound configuration file for IPFire | |
3 | # | |
4 | # The full documentation is available at: | |
5 | # https://nlnetlabs.nl/documentation/unbound/unbound.conf/ | |
6 | # | |
7 | ||
8 | server: | |
9 | # Common Server Options: chroot "" disables the chroot, so confinement rests on dropping privileges to the "nobody" user; do-ip6 no turns IPv6 off | |
10 | chroot: "" | |
11 | directory: "/etc/unbound" | |
12 | username: "nobody" | |
13 | do-ip6: no | |
14 | ||
15 | # System Tuning (the settings come from the included file, which is not part of this listing) | |
16 | include: "/etc/unbound/tuning.conf" | |
17 | ||
18 | # Logging Options: log to syslog; per the Unbound documentation log-time-ascii has no effect when syslog is in use, because syslog formats the timestamp | |
19 | use-syslog: yes | |
20 | log-time-ascii: yes | |
21 | ||
22 | # Unbound Statistics: write statistics to the log every 86400 seconds (24 hours), including the extended counters | |
23 | statistics-interval: 86400 | |
24 | extended-statistics: yes | |
25 | ||
26 | # Prefetching: refresh cache entries shortly before they expire and fetch DNSKEYs early during validation | |
27 | prefetch: yes | |
28 | prefetch-key: yes | |
29 | ||
30 | # Privacy Options: refuse id.server/hostname.bind and version.server/version.bind queries, so clients cannot read the resolver's identity or software version | |
31 | hide-identity: yes | |
32 | hide-version: yes | |
33 | ||
34 | # DNSSEC: the root trust anchor is tracked with RFC 5011 updates, so this file must stay writable by the Unbound user; failed validations and the reason for SERVFAIL answers are logged | |
35 | auto-trust-anchor-file: "/var/lib/unbound/root.key" | |
36 | val-log-level: 1 | |
37 | log-servfail: yes | |
38 | ||
39 | # Hardening Options: ignore very large queries, do extra lookups to check the referral path, and synthesize denials from cached NSEC records (RFC 8198) | |
40 | harden-large-queries: yes | |
41 | harden-referral-path: yes | |
42 | aggressive-nsec: yes | |
43 | ||
44 | # TLS: CA bundle used to authenticate outside peers contacted over TLS; whether upstream TLS is in use depends on the forward zones, which are in an included file not shown here | |
45 | tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt | |
46 | ||
47 | # Harden against DNS cache poisoning: once a thread has counted 1000000 unwanted replies, Unbound logs a warning and clears the rrset and message caches | |
48 | unwanted-reply-threshold: 1000000 | |
49 | ||
50 | # Listen on all interfaces (IPv4): the resolver is reachable on every local address, and interface-automatic replies from the address the query arrived on | |
51 | interface-automatic: yes | |
52 | interface: 0.0.0.0 | |
53 | ||
54 | # Allow access from everywhere: this entry permits recursion for every IPv4 source, so unless a more specific access-control entry or packet filtering in front of port 53 restricts it, the resolver is open to any network that can reach it | |
55 | access-control: 0.0.0.0/0 allow | |
56 | ||
57 | # Timeout behaviour: keep probing upstream hosts that have been marked as down | |
58 | infra-keep-probing: yes | |
59 | ||
60 | # Bootstrap root servers | |
61 | root-hints: "/etc/unbound/root.hints" | |
62 | ||
63 | # Include DHCP leases (included files are parsed as configuration, so this file and the ones below should be writable only by trusted processes) | |
64 | include: "/etc/unbound/dhcp-leases.conf" | |
65 | ||
66 | # Include hosts | |
67 | include: "/etc/unbound/hosts.conf" | |
68 | ||
69 | # Include any forward zones | |
70 | include: "/etc/unbound/forward.conf" | |
71 | ||
72 | remote-control: | |
73 | control-enable: yes | |
74 | control-use-cert: no  # no TLS or certificate check on the control channel: any local process that can connect to the loopback control port can issue unbound-control commands | |
75 | control-interface: 127.0.0.1 | |
76 | ||
77 | # Import any local configurations: every *.conf file in this directory is parsed, so the directory should be writable only by root | |
78 | include: "/etc/unbound/local.d/*.conf" |