Ajouter 'unbound/dns.conf'

virtubox 2018-11-12 00:54:42 +01:00
parent fc547bc22c
commit b521f68a18
1 changed files with 65 additions and 0 deletions

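--- /dev/null
+++ b/unbound/dns.conf
@@ -0,0 +1,65 @@
+server:
+verbosity: 1
+use-syslog: no
+logfile: "/var/log/unbound.log"
+log-time-ascii: yes
+num-threads: 2
+# Parametres par defaut qu'on laisse pour s'en souvenir
+interface: 127.0.0.1
+interface: ::1
+do-ip4: yes
+do-ip6: yes
+do-udp: yes
+do-tcp: yes
+root-hints: "/var/lib/unbound/root.hints"
+harden-referral-path: yes
+use-caps-for-id: yes
+hide-identity: yes
+hide-version: yes
+harden-glue: yes
+harden-dnssec-stripped: yes
+# the time to live (TTL) value lower bound, in seconds. Default 0.
+# If more than an hour could easily give trouble due to stale data.
+# WARNING : against protocol rule but efficient against stupidly too low TTLs
+cache-min-ttl: 3600
+# the time to live (TTL) value cap for RRsets and messages in the
+# cache. Items are not cached for longer. In seconds.
+cache-max-ttl: 86400
+prefetch: yes
+# If nonzero, unwanted replies are not only reported in statistics, but also
+# a running total is kept per thread. If it reaches the threshold, a warning
+# is printed and a defensive action is taken, the cache is cleared to flush
+# potential poison out of it. A suggested value is 10000000, the default is
+# 0 (turned off). We think 10K is a good value.
+unwanted-reply-threshold: 10000
+# Should additional section of secure message also be kept clean of unsecure
+# data. Useful to shield the users of this validator from potential bogus
+# data in the additional section. All unsigned data in the additional section
+# is removed from secure messages.
+val-clean-additional: yes
+# Log validation failures
+val-log-level: 2
+# Qname minimization, harden-below-nxdomain is recommanded, see manpage for
+# details & https://unbound.net/pipermail/unbound-users/2015-December/004129.html and RFC 8020
+harden-below-nxdomain: yes
+qname-minimisation: yes
+private-address: 10.0.0.0/8
+private-address: 172.16.0.0/12
+private-address: 192.168.0.0/16
+private-address: 169.254.0.0/16
+private-address: fd00::/8
+private-address: fe80::/10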
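Review bot: The `private-address` list at the end of the file does not cover IPv4-mapped IPv6 addresses, so an AAAA answer for a public name that embeds an RFC 1918 address is not stripped and the rebinding filter set up by the other six ranges has a gap; add `private-address: ::ffff:0:0/96` next to them. `harden-dnssec-stripped`, `val-clean-additional` and `val-log-level` only have an effect once a trust anchor is loaded, and none is visible in this file, so confirm that `auto-trust-anchor-file` is set in another included file. The page shows fewer lines than the 65 the hunk header declares (presumably blank lines dropped by the rendering), so this is hedged on what is visible. `cache-min-ttl: 3600` also means a wrong or poisoned answer stays cached for at least an hour, which the comment above it could state alongside the existing protocol warning.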