[packages] unbound: update to 1.4.11 (#9374), thanks Cybjit
[openwrt/svn-archive/archive.git] / net / unbound / patches / 001-conf.patch
1 --- a/doc/example.conf.in
2 +++ b/doc/example.conf.in
3 @@ -38,6 +38,8 @@ server:
4 # interface: 192.0.2.154
5 # interface: 192.0.2.154@5003
6 # interface: 2001:DB8::5
7 + interface: 0.0.0.0
8 + interface: ::0
9
10 # enable this feature to copy the source address of queries to reply.
11 # Socket options are not supported on all platforms. experimental.
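Review bot: The two added `interface:` lines make the resolver listen on every address, and the later `@@ -166,6 +180,8 @@` hunk adds `access-control: 0.0.0.0/0 allow` and `access-control: ::0/0 allow`, so the shipped default answers recursive queries from any source that can reach port 53. On a router that includes the WAN side unless a firewall rule blocks it, which this patch does not show; an open recursive resolver can be abused as a reflection/amplification relay and exposes its cache to outside probing. I would keep the listen lines if LAN clients need them but narrow the ACL to loopback plus the LAN prefix, for example `access-control: 127.0.0.0/8 allow`, `access-control: ::1 allow` and `access-control: <LAN_PREFIX> allow`, leaving everything else on the `refuse` default shown in the commented context lines. If the wide ACL is kept on purpose, a comment such as `# answers any client: port 53 must be firewalled on the WAN side` belongs next to it.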
12 @@ -57,6 +59,7 @@ server:
13 # port range that can be open simultaneously. About double the
14 # num-queries-per-thread, or, use as many as the OS will allow you.
15 # outgoing-range: 4096
16 + outgoing-range: 60
17
18 # permit unbound to use this port number or port range for
19 # making outgoing queries, using an outgoing interface.
20 @@ -71,9 +74,11 @@ server:
21
22 # number of outgoing simultaneous tcp buffers to hold per thread.
23 # outgoing-num-tcp: 10
24 + outgoing-num-tcp: 1
25
26 # number of incoming simultaneous tcp buffers to hold per thread.
27 # incoming-num-tcp: 10
28 + incoming-num-tcp: 1
29
30 # buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
31 # 0 is system default. Use 4m to catch query spikes for busy servers.
32 @@ -90,18 +95,22 @@ server:
33 # buffer size for handling DNS data. No messages larger than this
34 # size can be sent or received, by UDP or TCP. In bytes.
35 # msg-buffer-size: 65552
36 + msg-buffer-size: 8192
37
38 # the amount of memory to use for the message cache.
39 # plain value in bytes or you can append k, m or G. default is "4Mb".
40 # msg-cache-size: 4m
41 + msg-cache-size: 100k
42
43 # the number of slabs to use for the message cache.
44 # the number of slabs must be a power of 2.
45 # more slabs reduce lock contention, but fragment memory usage.
46 # msg-cache-slabs: 4
47 + msg-cache-slabs: 1
48
49 # the number of queries that a thread gets to service.
50 # num-queries-per-thread: 1024
51 + num-queries-per-thread: 30
52
53 # if very busy, 50% queries run to completion, 50% get timeout in msec
54 # jostle-timeout: 200
55 @@ -109,11 +118,13 @@ server:
56 # the amount of memory to use for the RRset cache.
57 # plain value in bytes or you can append k, m or G. default is "4Mb".
58 # rrset-cache-size: 4m
59 + rrset-cache-size: 100k
60
61 # the number of slabs to use for the RRset cache.
62 # the number of slabs must be a power of 2.
63 # more slabs reduce lock contention, but fragment memory usage.
64 # rrset-cache-slabs: 4
65 + rrset-cache-slabs: 1
66
67 # the time to live (TTL) value lower bound, in seconds. Default 0.
68 # If more than an hour could easily give trouble due to stale data.
69 @@ -134,12 +145,15 @@ server:
70 # the number of slabs must be a power of 2.
71 # more slabs reduce lock contention, but fragment memory usage.
72 # infra-cache-slabs: 4
73 + infra-cache-slabs: 1
74
75 # the maximum number of hosts that are cached (roundtrip times, EDNS).
76 # infra-cache-numhosts: 10000
77 + infra-cache-numhosts: 200
78
79 # the maximum size of the lame zones cached per host. in bytes.
80 # infra-cache-lame-size: 10k
81 + infra-cache-lame-size: 1k
82
83 # Enable IPv4, "yes" or "no".
84 # do-ip4: yes
85 @@ -166,6 +180,8 @@ server:
86 # access-control: ::0/0 refuse
87 # access-control: ::1 allow
88 # access-control: ::ffff:127.0.0.1 allow
89 + access-control: 0.0.0.0/0 allow
90 + access-control: ::0/0 allow
91
92 # if given, a chroot(2) is done to the given directory.
93 # i.e. you can chroot to the working directory, for example,
94 @@ -196,6 +212,7 @@ server:
95 # and the given username is assumed. Default is user "unbound".
96 # If you give "" no privileges are dropped.
97 # username: "@UNBOUND_USERNAME@"
98 + username: ""
99
100 # the working directory. The relative files in this config are
101 # relative to this directory. If you give "" the working directory
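Review bot: `username: ""` turns off the privilege drop, as the context comment just above it states, so the daemon keeps its starting privileges (root on a typical boot-script start) while it parses DNS data from the network. With the listen-on-all and allow-all settings elsewhere in this patch, a memory-safety bug in the resolver would then run with full privileges. If the package can create a dedicated account, `username: "unbound"` (the default named in the comment) is the safer shipped value; whether the install scripts create that user is not visible here. If running as root is unavoidable on the target, say so in a comment, e.g. `# no unbound user on this image; runs as root`.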
102 @@ -218,10 +235,12 @@ server:
103
104 # the pid file. Can be an absolute path outside of chroot/work dir.
105 # pidfile: "@UNBOUND_PIDFILE@"
106 + pidfile: "/var/run/unbound.pid"
107
108 # file to read root hints from.
109 # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
110 # root-hints: ""
111 + root-hints: "/etc/unbound/named.cache"
112
113 # enable to not answer id.server and hostname.bind queries.
114 # hide-identity: no
115 @@ -244,12 +263,15 @@ server:
116 # positive value: fetch that many targets opportunistically.
117 # Enclose the list of numbers between quotes ("").
118 # target-fetch-policy: "3 2 1 0 0"
119 + target-fetch-policy: "2 1 0 0 0 0"
120
121 # Harden against very small EDNS buffer sizes.
122 # harden-short-bufsize: no
123 + harden-short-bufsize: yes
124
125 # Harden against unseemly large queries.
126 # harden-large-queries: no
127 + harden-large-queries: yes
128
129 # Harden against out of zone rrsets, to avoid spoofing attempts.
130 # harden-glue: yes
131 @@ -323,7 +345,7 @@ server:
132 # you start unbound (i.e. in the system boot scripts). And enable:
133 # Please note usage of unbound-anchor root anchor is at your own risk
134 # and under the terms of our LICENSE (see that file in the source).
135 - # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
136 + auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
137
138 # File with DLV trusted keys. Same format as trust-anchor-file.
139 # There can be only one DLV configured, it is trusted from root down.
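Review bot: Uncommenting `auto-trust-anchor-file` switches DNSSEC validation on by default, but the context comments refer to a step that has to run from the boot scripts before unbound starts (they mention unbound-anchor), and nothing in this patch shows that step. The file must also stay writable by the daemon, because the auto-updated anchor is written back to it, and validation depends on a correct clock, which presumably matters on devices that boot without one. A missing anchor or wrong time tends to surface as every lookup failing, which pushes users to turn validation off entirely. I would add a comment next to the line, `# needs a writable, pre-seeded root key file and correct system time before start`, and confirm the init script handles both.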
140 @@ -409,15 +431,18 @@ server:
141 # the amount of memory to use for the key cache.
142 # plain value in bytes or you can append k, m or G. default is "4Mb".
143 # key-cache-size: 4m
144 + key-cache-size: 100k
145
146 # the number of slabs to use for the key cache.
147 # the number of slabs must be a power of 2.
148 # more slabs reduce lock contention, but fragment memory usage.
149 # key-cache-slabs: 4
150 + key-cache-slabs: 1
151
152 # the amount of memory to use for the negative cache (used for DLV).
153 # plain value in bytes or you can append k, m or G. default is "1Mb".
154 # neg-cache-size: 1m
155 + neg-cache-size: 10k
156
157 # a number of locally served zones can be configured.
158 # local-zone: <zone> <type>