Ticket #49264: unbound.conf

File unbound.conf, 6.9 KB (added by macuserguru, 9 years ago)

Current unbound.conf

1# See unbound.conf(5) man page, version 1.5.1.
2#
3
4server:
          # Main resolver section. The active lines below set the log level,
          # the statistics interval, the thread count and the listening sockets.
5        # verbosity 1 is default.
6       
7        verbosity: 1
8
9        # Interval in seconds between statistics lines written to the log.
          # Set to "" or 0 to disable. Default is disabled.
10        # 86400 = one day
11       
12        statistics-interval: 86400
13
14        # statistics-cumulative: no
15
16        # extended-statistics: no
17       
18        num-threads: 2
19       
20    # interface: 127.0.0.1
21    # interface: 10.0.0.8
22    # interface: 192.168.1.8
23    # interface: ::1   
          # 0.0.0.0 and ::0 bind every IPv4 and IPv6 address on the host, so the
          # access-control entries further down are the only setting in this file
          # that limits who may query the resolver. A host firewall rule for
          # port 53 on untrusted networks is a sensible second layer.
24        interface: 0.0.0.0
25        interface: ::0
26       
27        # does not work on macOS (refers to interface-automatic below)
28        # interface-automatic: yes
29
30        # port to answer queries from, default 53       
31       
32        port: 53
33
34        # outgoing-range: 4096
35
36        # outgoing-port-permit: 32768
37
38        # outgoing-port-avoid: "3200-3208"
39       
40        # default 10
41        # outgoing-num-tcp: 10
42       
43        # default 10
44        # incoming-num-tcp: 10
45
          # Socket buffers, cache sizes and protocol switches.
          # so-rcvbuf / so-sndbuf ask for 2 MB socket buffers so that short query
          # bursts are less likely to be dropped; the OS limit may cap the size
          # actually granted.
46        so-rcvbuf: 2m
47
48        so-sndbuf: 2m
49
50        # so-reuseport: no
51       
52        # default 4096
53        # edns-buffer-size: 4096
54
55        # Default is 4096. 65536 disables it.
56        # max-udp-size: 4096
57       
58        # default 65552
59        # msg-buffer-size: 65552
60
61        #  message cache -default is "4Mb".
62       
63        msg-cache-size: 4m
64       
          # Slabs split a cache so that threads contend less on its lock; per
          # unbound.conf(5) the value must be a power of 2.
65        msg-cache-slabs: 4
66
67        # num-queries-per-thread: 1024
68
69        # jostle-timeout - Default 200 milliseconds
          # Applies when the server is very busy: queries that have been waiting
          # longer than this may be replaced by new ones, which limits the effect
          # of slow queries or a query flood.
70       
71        jostle-timeout: 200
72       
73        # default 0     
74        # delay-close: 0
75
76        # RRset cache default is "4Mb".
77       
78        rrset-cache-size: 4m
79       
80        rrset-cache-slabs: 4
81       
          # Records are cached for at least 5 seconds even if their TTL is lower,
          # and for at most 86400 seconds (one day).
82        cache-min-ttl: 5
83       
84        cache-max-ttl: 86400
85
86        # infra-host-ttl: 900
87
88        infra-cache-slabs: 4
89
90        # infra-cache-numhosts: 10000
91       
          # IPv4, IPv6, UDP and TCP are all enabled for queries.
92        do-ip4: yes
93       
94        do-ip6: yes
95       
96        do-udp: yes
97       
98        do-tcp: yes
99
100        # tcp-upstream: no
101
102        # do-daemonize: yes
103       
           # Client allow-list. Because the server listens on all interfaces
           # (interface: 0.0.0.0 and ::0 above), these entries decide who gets
           # recursive service. Per unbound.conf(5), clients that match no entry
           # are refused unless they are localhost.
           # Allowed here: IPv6 and IPv4 loopback, fd00::/8, link-local
           # (fe80::/10, 169.254.0.0/16) and the RFC 1918 ranges. Any host with
           # such a source address on any attached network can use the resolver,
           # so review the list if the machine also joins networks that are not
           # trusted.
104        access-control: ::1 allow
105        # access-control: 127.0.0.1 allow
106        # access-control: fe80::1 allow
107        # access-control: 10.0.0.8 allow
108        # access-control: 192.168.1.8 allow
109        # access-control: ::ffff: allow
110        access-control: fd00::/8 allow
111        access-control: fe80::/10 allow
112        access-control: 127.0.0.0/8 allow
113    access-control: 10.0.0.0/8 allow
114    access-control: 172.16.0.0/12 allow
115    access-control: 192.168.0.0/16 allow
116    access-control: 169.254.0.0/16 allow
117       
           # Privilege reduction: per unbound.conf(5) the daemon chroots into this
           # directory and, after binding the port, drops to the user named below.
118        chroot: "/opt/local/etc/unbound"
119       
120        username: "unbound"
121       
122        directory: "/opt/local/etc/unbound"
123       
           # NOTE(review): this path does not start with the chroot directory, so
           # it is presumably taken relative to the chroot, i.e.
           # /opt/local/etc/unbound/logs/unbound.log - confirm. The directory
           # must be writable by the "unbound" user.
124        logfile: "/logs/unbound.log"
125
126        use-syslog: no
127       
128        log-time-ascii: yes
129       
           # Logs every query with the client address. The log then holds the
           # lookup history of every client; restrict its file permissions and
           # rotate or expire it.
130        log-queries: yes
131
132        # pidfile: "/opt/local/var/run/unbound/unbound.pid"
133
134        # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
           # (plain FTP gives no integrity protection; compare the file with a
           # copy from a trusted source before using it)
135        # root-hints: ""
136       
           # NOTE(review): presumably resolved inside the chroot as well
           # (/opt/local/etc/unbound/named.cache) - confirm.
137        root-hints: "/named.cache"
138       
           # hide-identity and hide-version are commented out, so the defaults
           # apply. By default unbound answers the id.server / version.bind
           # CHAOS queries, which tells any allowed client the host name and the
           # exact unbound version.
139        # hide-identity: yes
140       
141        # hide-version: yes
142
143        # identity: ""
144
145        # version: ""
146
147        # target-fetch-policy: "3 2 1 0 0"
148
149        # harden-short-bufsize: no
150
151        # harden-large-queries: no
152       
153        # harden-glue - default is on
           # Glue records are trusted only when they fall within the authority
           # of the server that sent them.
154       
155        harden-glue: yes
156       
157        # harden-dnssec-stripped - default is on
           # Only affects zones under a trust anchor. Every trust-anchor option
           # in this file is commented out, so as written this line has no
           # zones to act on.
158       
159        harden-dnssec-stripped: yes
160
161        # harden-below-nxdomain: no
162
163        # harden-referral-path: no
164
165        # use-caps-for-id: no
166
167
           # private-address strips the listed ranges from answers for public
           # names (DNS rebinding protection). All entries are commented out,
           # so that protection is off, although the access-control list above
           # serves clients in these same ranges.
168        # private-address: 10.0.0.0/8
169        # private-address: 172.16.0.0/12
170        # private-address: 192.168.0.0/16
171        # private-address: 169.254.0.0/16
172        # private-address: fd00::/8
173        # private-address: fe80::/10
174
175        # private-domain: "example.com"
176
           # With a value of 0 the check is off; a non-zero threshold makes
           # unbound log a warning and clear its caches when that many unwanted
           # replies arrive (see unbound.conf(5)).
177        # unwanted-reply-threshold: 0
178
179        # do-not-query-address: 127.0.0.1/8
180        # do-not-query-address: ::1
181
182        # do-not-query-localhost: yes
183       
184        # prefetch - default no
           # Cache entries that are still being requested are refreshed shortly
           # before they expire, at the cost of some extra upstream traffic.
185       
186        prefetch: yes
187
           # Validator settings. No trust anchor is active in this file
           # (auto-trust-anchor-file, dlv-anchor-file and trusted-keys-file are
           # all commented out), so answers are not DNSSEC-validated.
188        # prefetch-key: no
189
190        # rrset-roundrobin: no
191
192        # minimal-responses: no
193
194        # module-config: "validator iterator"
195
           # NOTE(review): this path lies outside the chroot directory set
           # earlier in this file (/opt/local/etc/unbound), and unbound must be
           # able to rewrite the file as the "unbound" user - confirm the
           # location before enabling.
196        # auto-trust-anchor-file: "/opt/local/var/run/unbound/root.key"
197       
198        ## Can be an absolute path outside of chroot/work dir.
199        ## pidfile: "/opt/local/var/run/unbound/unbound.pid"   
200
201        # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key
           # NOTE(review): the URL is plain HTTP, and ISC has since retired the
           # dlv.isc.org registry; leave this disabled.
202        # dlv-anchor-file: "dlv.isc.org.key"
203
204        # trusted-keys-file: ""
205        # /opt/local/var/run/unbound/root.key
206        # does not run
           # NOTE(review): root.key is outside the chroot directory, which may
           # be why this line failed - confirm.
207        # trusted-keys-file: "/opt/local/var/run/unbound/root.key"
208
209        # Domain is treated as insecure.
210        # domain-insecure: "example.com"
211
212        # val-override-date: ""
213
214        # val-bogus-ttl: 60
215
216        # val-sig-skew-min: 3600
217        # val-sig-skew-max: 86400
218       
219        # val-clean-additional - default is yes
           # A validator option; see the note at the top of this group about
           # the missing trust anchor.
220       
221        val-clean-additional: yes
222
223        # val-permissive-mode: no
224
225        # ignore-cd-flag: no
226
227        # val-log-level: 2
228
229        # val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500"
230       
231        # add-holddown: 2592000 # 30 days
232
233        # del-holddown: 2592000 # 30 days
234
235        # keep-missing: 31622400 # 366 days
236
237        # default is "4Mb".
238        # key-cache-size: 4m
239
240        key-cache-slabs: 4
241
242        #  default is "1Mb".
243        # neg-cache-size: 1m
244       
           # Local overrides: each "redirect" zone answers the name and all of
           # its subdomains from the local-data line that follows it, here an A
           # record pointing at 127.0.0.1, instead of resolving the name.
245        # ads blocked   
246        local-zone: "doubleclick.net" redirect
247    local-data: "doubleclick.net A 127.0.0.1"
248    local-zone: "googlesyndication.com" redirect
249    local-data: "googlesyndication.com A 127.0.0.1"
250    local-zone: "googleadservices.com" redirect
251    local-data: "googleadservices.com A 127.0.0.1"
252    local-zone: "google-analytics.com" redirect
253    local-data: "google-analytics.com A 127.0.0.1"
254    local-zone: "ads.youtube.com" redirect
255    local-data: "ads.youtube.com A 127.0.0.1"
256    local-zone: "adserver.yahoo.com" redirect
257    local-data: "adserver.yahoo.com A 127.0.0.1"
258    # local-zone: "cloudfront.net" redirect
259    # local-data: "cloudfront.net A 127.0.0.1"
260   
261    # micorsoft.com
           # NOTE(review): "micorsoft.com" is not the spelling of microsoft.com;
           # presumably a look-alike domain blocked on purpose - confirm it is
           # not a typo.
262   
263    local-zone: "micorsoft.com" redirect
264    local-data: "micorsoft.com A 127.0.0.1"
265
266        # unblock-lan-zones: no
267
268        #
269        # You can add locally served data with
270        # local-zone: "local." static
271        # local-data: "mycomputer.local. IN A 192.0.2.51"
272        # local-data: 'mytext.local TXT "content of text record"'
273        #
274        # You can override certain queries with
275        # local-data: "adserver.example.com A 127.0.0.1"
276        #
277        # You can redirect a domain to a fixed address with
278        # (this makes example.com, www.example.com, etc, all go to 192.0.2.3)
279        # local-zone: "example.com" redirect
280        # local-data: "example.com A 192.0.2.3"
281        #
282        # Shorthand to make PTR records, "IPv4 name" or "IPv6 name".
283        # You can also add PTR records using local-data directly, but then
284        # you need to do the reverse notation yourself.
285        # local-data-ptr: "192.0.2.3 www.example.com"
286
287        # service clients over SSL (on the TCP sockets), with plain DNS inside
288        # the SSL stream.  Give the certificate to use and private key.
289        # default is "" (disabled).  requires restart to take effect.
290        # ssl-service-key: "path/to/privatekeyfile.key"
291        # ssl-service-pem: "path/to/publiccertfile.pem"
292        # ssl-port: 443
293
294        # ssl-upstream: no
295
296        # DNS64 prefix. Must be specified when DNS64 is in use.
297        # Enable dns64 in module-config.  Used to synthesize IPv6 from IPv4.
298        # dns64-prefix: 64:ff9b::0/96
299
300
301python:
           # Section for the python module. Nothing is enabled here: the only
           # setting is commented out. A script named here is loaded by the
           # resolver itself, so the file should be writable only by the
           # administrator.
302        # Script file to load
303        # python-script: "/opt/local/etc/unbound/ubmodule-tst.py"
304
305# Remote control config section.
306
307remote-control:
           # Settings for unbound-control. Every line in this section is
           # commented out, so nothing here changes the defaults.
308
309        # control-enable: no
310
311        # what interfaces are listened to for remote control.
312        # give 0.0.0.0 and ::0 to listen to all interfaces.
           # (keep this on loopback unless remote administration is really
           # needed; the key and certificate files below are what authenticate
           # a control connection)
313        # control-interface: 127.0.0.1
314        # control-interface: ::1
315
316        # port number for remote control operations.
317        # control-port: 8953
318
319        # unbound server key file.
           # (private keys: should be readable only by the daemon and the
           # administrator)
320        # server-key-file: "/opt/local/etc/unbound/unbound_server.key"
321
322        # unbound server certificate file.
323        # server-cert-file: "/opt/local/etc/unbound/unbound_server.pem"
324
325        # unbound-control key file.
326        # control-key-file: "/opt/local/etc/unbound/unbound_control.key"
327
328        # unbound-control certificate file.
329        # control-cert-file: "/opt/local/etc/unbound/unbound_control.pem"
330
331        # end of file