bpfire/config/unbound/unbound.conf
Jonatan Schlag 211b6bc16e unbound: keep probing when servers are down
Until now, when a server was in the "blocking regime", only one probe was
made every 15 min to see if this server was up again. In situations
where all servers were down (e.g. because of massive packet loss),
it could take up to 15 min to have working DNS again.

This patch changes this behaviour in a way that a server marked down is
probed every 2 min.

Fixes: #12557

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-01-06 15:31:05 +00:00


#
# Unbound configuration file for IPFire
#
# The full documentation is available at:
# https://nlnetlabs.nl/documentation/unbound/unbound.conf/
#
# Main resolver settings. Everything up to the next clause header belongs to
# the "server:" clause.
server:

# Common Server Options
# An empty chroot disables chroot confinement, so the daemon can see the whole
# filesystem; confinement then rests on the unprivileged "username" below.
chroot: ""
directory: "/etc/unbound"
# Privileges are dropped to this account after start-up.
# NOTE(review): "nobody" is a generic account; if other services on the host
# also run as it, a dedicated unbound user would isolate the resolver better.
username: "nobody"
# IPv6 is switched off for both answering clients and querying upstream.
do-ip6: no

# System Tuning
# Tuning values are kept in a separate file; its contents are not shown here.
include: "/etc/unbound/tuning.conf"

# Logging Options
use-syslog: yes
# Only affects Unbound's own log file; with syslog enabled, timestamps are
# supplied by syslog.
log-time-ascii: yes

# Unbound Statistics
# Statistics are written to the log every 86400 seconds (once a day).
statistics-interval: 86400
extended-statistics: yes

# Prefetching
# Refresh popular cache entries and DNSSEC keys before they are needed.
prefetch: yes
prefetch-key: yes

# Randomise any cached responses
rrset-roundrobin: yes

# Privacy Options
# Refuse id.server/hostname.bind and version.server/version.bind queries so
# clients cannot fingerprint the resolver.
hide-identity: yes
hide-version: yes

# DNSSEC
# Root trust anchor, kept up to date automatically (RFC 5011). Unbound
# rewrites this file, so it must stay writable by the user set above.
auto-trust-anchor-file: "/var/lib/unbound/root.key"
# Log one line per failed validation, and log the reason for each SERVFAIL;
# both are the main signals when DNSSEC validation starts rejecting answers.
val-log-level: 1
log-servfail: yes

# Hardening Options
# Ignore very large queries.
harden-large-queries: yes
# Perform extra lookups to check the referral path. The upstream documentation
# describes this option as experimental and notes the additional query load.
harden-referral-path: yes
# Use cached DNSSEC NSEC records to synthesise negative answers (RFC 8198).
aggressive-nsec: yes

# TLS
# CA bundle for authenticating upstream servers reached over TLS.
# NOTE(review): certificates are only checked for forwarders configured with
# an authentication name ("#name" on forward-addr); forward.conf is not
# visible here, so confirm that against the file that writes it.
tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt

# EDNS Buffer Size (#12240)
# 1232 bytes keeps UDP responses below common path MTUs and so avoids IP
# fragmentation.
edns-buffer-size: 1232

# Harden against DNS cache poisoning
# Once this many unwanted replies have been counted, Unbound logs a warning
# and clears its caches as a defensive measure.
unwanted-reply-threshold: 1000000

# Listen on all interfaces
# All IPv4 addresses are bound; replies leave from the address the query
# arrived on.
interface-automatic: yes
interface: 0.0.0.0

# Allow access from everywhere
# Every IPv4 source is granted recursion, and the listener above binds every
# interface, so nothing in this file prevents open-resolver use. Limiting who
# can reach the DNS port is left entirely to the packet filter.
# NOTE(review): confirm the firewall blocks DNS from untrusted zones, or
# narrow this rule to the internal networks.
access-control: 0.0.0.0/0 allow

# Timeout behaviour
# Keep probing upstream servers that are marked down instead of waiting for
# the next scheduled probe, so resolution recovers sooner after an outage in
# which every server was unreachable (#12557).
infra-keep-probing: yes

# Bootstrap root servers
root-hints: "/etc/unbound/root.hints"

# The files below are read as configuration at this point. Whatever writes
# them can define local data and forwarders, so they should be writable only
# by trusted processes.
# Include DHCP leases
include: "/etc/unbound/dhcp-leases.conf"
# Include hosts
include: "/etc/unbound/hosts.conf"
# Include any forward zones
include: "/etc/unbound/forward.conf"
# Control channel used by unbound-control.
remote-control:
control-enable: yes
# Certificate-based TLS authentication is switched off for the control
# channel. The loopback bind below is the only restriction left, so any local
# process able to connect to that address can issue control commands.
# NOTE(review): a path-based control-interface (local socket) protected by
# file permissions would limit control to chosen users; confirm that every
# local user and service on this host is trusted before keeping this as is.
control-use-cert: no
control-interface: 127.0.0.1
# Import any local configurations
# Every file matching the glob is included as text at this point, i.e. after
# the remote-control clause has been opened, so a local file should begin with
# its own clause header (for example "server:").
# NOTE(review): files placed here can change any resolver setting; the
# directory should be writable by the administrator only.
include: "/etc/unbound/local.d/*.conf"