77 lines
2.2 KiB
Plaintext
77 lines
2.2 KiB
Plaintext
server:
|
|
verbosity: 1
|
|
use-syslog: no
|
|
|
|
num-threads: 4
|
|
|
|
# Parametres par defaut qu'on laisse pour s'en souvenir
|
|
port: 5354
|
|
interface: 127.0.0.1
|
|
access-control: 127.0.0.1/8 allow
|
|
do-ip4: yes
|
|
do-ip6: no
|
|
do-udp: yes
|
|
do-tcp: yes
|
|
so-reuseport: yes
|
|
|
|
root-hints: "/var/lib/unbound/root.hints"
|
|
|
|
harden-referral-path: yes
|
|
use-caps-for-id: yes
|
|
hide-identity: yes
|
|
hide-version: yes
|
|
harden-glue: yes
|
|
harden-dnssec-stripped: yes
|
|
|
|
# the time to live (TTL) value lower bound, in seconds. Default 0.
|
|
# If more than an hour could easily give trouble due to stale data.
|
|
# WARNING : against protocol rule but efficient against stupidly too low TTLs
|
|
|
|
cache-min-ttl: 1800
|
|
|
|
# the time to live (TTL) value cap for RRsets and messages in the
|
|
# cache. Items are not cached for longer. In seconds.
|
|
cache-max-ttl: 86400
|
|
|
|
prefetch: yes
|
|
|
|
# If nonzero, unwanted replies are not only reported in statistics, but also
|
|
# a running total is kept per thread. If it reaches the threshold, a warning
|
|
# is printed and a defensive action is taken, the cache is cleared to flush
|
|
# potential poison out of it. A suggested value is 10000000, the default is
|
|
# 0 (turned off). We think 10K is a good value.
|
|
unwanted-reply-threshold: 10000
|
|
|
|
# Should additional section of secure message also be kept clean of unsecure
|
|
# data. Useful to shield the users of this validator from potential bogus
|
|
# data in the additional section. All unsigned data in the additional section
|
|
# is removed from secure messages.
|
|
|
|
val-clean-additional: yes
|
|
|
|
# Log validation failures
|
|
val-log-level: 2
|
|
|
|
statistics-interval: 0
|
|
extended-statistics: yes
|
|
statistics-cumulative: yes
|
|
|
|
# Qname minimization, harden-below-nxdomain is recommanded, see manpage for
|
|
# details & https://unbound.net/pipermail/unbound-users/2015-December/004129.html and RFC 8020
|
|
harden-below-nxdomain: yes
|
|
qname-minimisation: yes
|
|
|
|
private-address: 10.0.0.0/8
|
|
private-address: 172.16.0.0/12
|
|
private-address: 192.168.0.0/16
|
|
private-address: 169.254.0.0/16
|
|
private-address: fd00::/8
|
|
private-address: fe80::/10
|
|
|
|
# enable remote-control
|
|
remote-control:
|
|
control-enable: yes
|
|
#control-interface: "/var/run/unbound.ctl"
|
|
control-interface: 127.0.0.1
|
|
control-use-cert: no
|