2 # Unbound configuration file for IPFire
4 # The full documentation is available at:
5 # https://www.unbound.net/documentation/unbound.conf.html
9 # Common Server Options
11 directory: "/etc/unbound"
20 do-not-query-localhost: yes
29 statistics-interval: 0
30 statistics-cumulative: yes
31 extended-statistics: yes
40 # Randomise any cached responses
46 qname-minimisation: yes
47 minimal-responses: yes
50 auto-trust-anchor-file: "/var/lib/unbound/root.key"
51 val-permissive-mode: no
52 val-clean-additional: yes
57 harden-short-bufsize: no
58 harden-large-queries: yes
59 harden-dnssec-stripped: yes
60 harden-below-nxdomain: yes
61 harden-referral-path: yes
62 harden-algo-downgrade: no
65 # Deny access from everywhere
66 access-control: 0.0.0.0/0 refuse
70 access-control: 127.0.0.0/8 allow
72 # Bootstrap root servers
73 root-hints: "/etc/unbound/root.hints"
75 # IPFire interface configuration
76 include: "/etc/unbound/interfaces.conf"
77 interface-automatic: no
80 include: "/etc/unbound/dhcp-leases.conf"
82 # Include any forward zones
83 include: "/etc/unbound/forward.conf"
88 control-interface: 127.0.0.1
89 server-key-file: "/etc/unbound/unbound_server.key"
90 server-cert-file: "/etc/unbound/unbound_server.pem"
91 control-key-file: "/etc/unbound/unbound_control.key"
92 control-cert-file: "/etc/unbound/unbound_control.pem"
94 # Import any local configurations
95 include: "/etc/unbound/local.d/*.conf"