webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-19 23:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8076deba79f9bbd4e551fdfe1eb49e8a77b2c19e
bpfire/config/unbound/unbound.conf
Peter Müller 2e0660f9ce Unbound: output statistics daily instead of just on shutdown 
Currently, Unbound only prints statistics if it is being shutdown
(mostly because of a machine reboot). This makes detecting DNS
anomalies hard as no intermediate statistic result is being logged.

This patch changes Unbound's behaviour in order to log statistics
every 86,400 seconds (i.e. 24 hours).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-01 10:31:09 +00:00

95 lines
1.9 KiB
Plaintext
Raw Blame History

#
# Unbound configuration file for IPFire
#
# The full documentation is available at:
# https://www.unbound.net/documentation/unbound.conf.html
#
server:
# Common Server Options
chroot: ""
directory: "/etc/unbound"
username: "nobody"
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
so-reuseport: yes
do-not-query-localhost: yes
# System Tuning
include: "/etc/unbound/tuning.conf"
# Logging Options
verbosity: 1
use-syslog: yes
log-time-ascii: yes
log-queries: no
# Unbound Statistics
statistics-interval: 86400
statistics-cumulative: yes
extended-statistics: yes
# Prefetching
prefetch: yes
prefetch-key: yes
# Randomise any cached responses
rrset-roundrobin: yes
# Privacy Options
hide-identity: yes
hide-version: yes
qname-minimisation: yes
minimal-responses: yes
# DNSSEC
auto-trust-anchor-file: "/var/lib/unbound/root.key"
val-permissive-mode: no
val-clean-additional: yes
val-log-level: 1
# Hardening Options
harden-glue: yes
harden-short-bufsize: no
harden-large-queries: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
harden-algo-downgrade: no
use-caps-for-id: yes
aggressive-nsec: yes
# Harden against DNS cache poisoning
unwanted-reply-threshold: 1000000
# Listen on all interfaces
interface-automatic: yes
interface: 0.0.0.0
# Allow access from everywhere
access-control: 0.0.0.0/0 allow
# Bootstrap root servers
root-hints: "/etc/unbound/root.hints"
# Include DHCP leases
include: "/etc/unbound/dhcp-leases.conf"
# Include any forward zones
include: "/etc/unbound/forward.conf"
remote-control:
control-enable: yes
control-use-cert: yes
control-interface: 127.0.0.1
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
# Import any local configurations
include: "/etc/unbound/local.d/*.conf"
Reference in New Issue View Git Blame Copy Permalink