webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
86e9d04bfb73eb256682a567e187fe1e5cdcc3ca
bpfire/config/unbound/unbound.conf
Michael Tremer 86e9d04bfb unbound: Deactivate qname-minimization & harden-below-nxdomain 
This causes trouble when you try to resolve a record like
a.b.blah.com where b.blah.com responds with NXDOMAIN. unbound
won't try to resolve a.b.blah.com because it is assumed that
everything longer than b.blah.com does not exist which is
probably not good usability.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-11-25 17:45:39 +00:00

89 lines
1.8 KiB
Plaintext
Raw Blame History

#
# Unbound configuration file for IPFire
#
# The full documentation is available at:
# https://www.unbound.net/documentation/unbound.conf.html
#
server:
# Common Server Options
chroot: ""
directory: "/etc/unbound"
username: "nobody"
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
so-reuseport: yes
do-not-query-localhost: yes
# System Tuning
include: "/etc/unbound/tuning.conf"
# Logging Options
verbosity: 1
use-syslog: yes
log-time-ascii: yes
log-queries: no
# Unbound Statistics
statistics-interval: 0
statistics-cumulative: yes
extended-statistics: yes
# Prefetching
prefetch: yes
prefetch-key: yes
# Randomise any cached responses
rrset-roundrobin: yes
# Privacy Options
hide-identity: yes
hide-version: yes
minimal-responses: yes
# DNSSEC
auto-trust-anchor-file: "/var/lib/unbound/root.key"
val-permissive-mode: no
val-clean-additional: yes
val-log-level: 1
# Hardening Options
harden-glue: yes
harden-short-bufsize: no
harden-large-queries: yes
harden-dnssec-stripped: yes
harden-referral-path: yes
harden-algo-downgrade: no
use-caps-for-id: no
# Listen on all interfaces
interface-automatic: yes
interface: 0.0.0.0
# Allow access from everywhere
access-control: 0.0.0.0/0 allow
# Bootstrap root servers
root-hints: "/etc/unbound/root.hints"
# Include DHCP leases
include: "/etc/unbound/dhcp-leases.conf"
# Include any forward zones
include: "/etc/unbound/forward.conf"
remote-control:
control-enable: yes
control-use-cert: yes
control-interface: 127.0.0.1
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
# Import any local configurations
include: "/etc/unbound/local.d/*.conf"
Reference in New Issue View Git Blame Copy Permalink