mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-25 10:22:59 +02:00
78 lines
1.4 KiB
Plaintext
78 lines
1.4 KiB
Plaintext
#
|
|
# Unbound configuration file for IPFire
|
|
#
|
|
# The full documentation is available at:
|
|
# https://nlnetlabs.nl/documentation/unbound/unbound.conf/
|
|
#
|
|
|
|
server:
|
|
# Common Server Options
|
|
chroot: ""
|
|
directory: "/etc/unbound"
|
|
username: "nobody"
|
|
do-ip6: no
|
|
|
|
# System Tuning
|
|
include: "/etc/unbound/tuning.conf"
|
|
|
|
# Logging Options
|
|
use-syslog: yes
|
|
log-time-ascii: yes
|
|
|
|
# Unbound Statistics
|
|
statistics-interval: 86400
|
|
extended-statistics: yes
|
|
|
|
# Prefetching
|
|
prefetch: yes
|
|
prefetch-key: yes
|
|
|
|
# Privacy Options
|
|
hide-identity: yes
|
|
hide-version: yes
|
|
|
|
# DNSSEC
|
|
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
|
val-log-level: 1
|
|
log-servfail: yes
|
|
|
|
# Hardening Options
|
|
harden-large-queries: yes
|
|
harden-referral-path: yes
|
|
|
|
# TLS
|
|
tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
|
|
|
|
# Harden against DNS cache poisoning
|
|
unwanted-reply-threshold: 1000000
|
|
|
|
# Listen on all interfaces
|
|
interface-automatic: yes
|
|
interface: 0.0.0.0
|
|
|
|
# Allow access from everywhere
|
|
access-control: 0.0.0.0/0 allow
|
|
|
|
# Timeout behaviour
|
|
infra-keep-probing: yes
|
|
|
|
# Bootstrap root servers
|
|
root-hints: "/etc/unbound/root.hints"
|
|
|
|
# Include DHCP leases
|
|
include: "/etc/unbound/dhcp-leases.conf"
|
|
|
|
# Include hosts
|
|
include: "/etc/unbound/hosts.conf"
|
|
|
|
# Include any forward zones
|
|
include: "/etc/unbound/forward.conf"
|
|
|
|
remote-control:
|
|
control-enable: yes
|
|
control-use-cert: no
|
|
control-interface: 127.0.0.1
|
|
|
|
# Import any local configurations
|
|
include: "/etc/unbound/local.d/*.conf"
|