log-queries: no
# Unbound Statistics
- statistics-interval: 0
+ statistics-interval: 86400
statistics-cumulative: yes
extended-statistics: yes
harden-below-nxdomain: yes
harden-referral-path: yes
harden-algo-downgrade: no
- use-caps-for-id: no
+ use-caps-for-id: yes
+ aggressive-nsec: yes
+
+ # Harden against DNS cache poisoning
+ unwanted-reply-threshold: 1000000
# Listen on all interfaces
interface-automatic: yes
remote-control:
control-enable: yes
- control-use-cert: yes
+ control-use-cert: no
control-interface: 127.0.0.1
- server-key-file: "/etc/unbound/unbound_server.key"
- server-cert-file: "/etc/unbound/unbound_server.pem"
- control-key-file: "/etc/unbound/unbound_control.key"
- control-cert-file: "/etc/unbound/unbound_control.pem"
# Import any local configurations
include: "/etc/unbound/local.d/*.conf"