]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - config/unbound/unbound.conf
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge remote-tracking branch 'ms/next-dns-ng' into next
[people/pmueller/ipfire-2.x.git] / config / unbound / unbound.conf
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index e20c3330d7045ac93856ee1eb2e01d7d41b62d83..24822ee67a59bd3247a7fd7693a1eb38b33db7ef 100644 (file)
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -61,6 +61,13 @@ server:
        harden-algo-downgrade: no
        use-caps-for-id: yes
        aggressive-nsec: yes
+       qname-minimisation: yes
+
+       # TLS
+       tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
+
+       # EDNS Buffer Size (#12240)
+       edns-buffer-size: 1232
 
        # Harden against DNS cache poisoning
        unwanted-reply-threshold: 1000000
@@ -78,6 +85,9 @@ server:
        # Include DHCP leases
        include: "/etc/unbound/dhcp-leases.conf"
 
+       # Include hosts
+       include: "/etc/unbound/hosts.conf"
+
        # Include any forward zones
        include: "/etc/unbound/forward.conf"
 
Peter's tree of IPFire 2.x