log-queries: no
# Unbound Statistics
- statistics-interval: 0
+ statistics-interval: 86400
statistics-cumulative: yes
extended-statistics: yes
harden-below-nxdomain: yes
harden-referral-path: yes
harden-algo-downgrade: no
- use-caps-for-id: no
+ use-caps-for-id: yes
+ aggressive-nsec: yes
+
+ # Harden against DNS cache poisoning
+ unwanted-reply-threshold: 1000000
# Listen on all interfaces
- interface-automatic: no
+ interface-automatic: yes
interface: 0.0.0.0
# Allow access from everywhere
# Include any forward zones
include: "/etc/unbound/forward.conf"
+ # Include safe search settings
+ include: "/etc/unbound/safe-search.conf"
+
remote-control:
control-enable: yes
- control-use-cert: yes
+ control-use-cert: no
control-interface: 127.0.0.1
- server-key-file: "/etc/unbound/unbound_server.key"
- server-cert-file: "/etc/unbound/unbound_server.pem"
- control-key-file: "/etc/unbound/unbound_control.key"
- control-cert-file: "/etc/unbound/unbound_control.pem"
# Import any local configurations
include: "/etc/unbound/local.d/*.conf"