2 # Unbound configuration file for IPFire
4 # The full documentation is available at:
5 # https://www.unbound.net/documentation/unbound.conf.html
9 # Common Server Options
11 directory: "/etc/unbound"
19 do-not-query-localhost: yes
22 include: "/etc/unbound/tuning.conf"
31 statistics-interval: 0
32 statistics-cumulative: yes
33 extended-statistics: yes
39 # Randomise any cached responses
45 qname-minimisation: yes
46 minimal-responses: yes
49 auto-trust-anchor-file: "/var/lib/unbound/root.key"
50 val-permissive-mode: no
51 val-clean-additional: yes
56 harden-short-bufsize: no
57 harden-large-queries: yes
58 harden-dnssec-stripped: yes
59 harden-below-nxdomain: yes
60 harden-referral-path: yes
61 harden-algo-downgrade: no
64 # Listen on all interfaces
67 # Deny access from everywhere
68 access-control: 0.0.0.0/0 refuse
70 # Allow access from localhost
71 access-control: 127.0.0.0/8 allow
73 # Bootstrap root servers
74 root-hints: "/etc/unbound/root.hints"
76 # IPFire interface configuration
77 include: "/etc/unbound/interfaces.conf"
78 interface-automatic: no
81 include: "/etc/unbound/dhcp-leases.conf"
83 # Include any forward zones
84 include: "/etc/unbound/forward.conf"
89 control-interface: 127.0.0.1
90 server-key-file: "/etc/unbound/unbound_server.key"
91 server-cert-file: "/etc/unbound/unbound_server.pem"
92 control-key-file: "/etc/unbound/unbound_control.key"
93 control-cert-file: "/etc/unbound/unbound_control.pem"
95 # Import any local configurations
96 include: "/etc/unbound/local.d/*.conf"