Unbound: Incorporate hotplug/iface and root.key in tmpfs
[feed/packages.git] / net / unbound / patches / 001-conf.patch
1 diff --git a/doc/example.conf.in b/doc/example.conf.in
2 index c520c88..98a148a 100644
3 --- a/doc/example.conf.in
4 +++ b/doc/example.conf.in
5 @@ -1,20 +1,82 @@
6 -#
7 -# Example configuration file.
8 -#
9 -# See unbound.conf(5) man page, version 1.5.10.
10 -#
11 -# this is a comment.
12 +##############################################################################
13 +# MEMORY CONTROL EXAMPLE
14 +# In the example config settings below memory usage is reduced. Some ser-
15 +# vice levels are lower, notable very large data and a high TCP load are
16 +# no longer supported ... are exceptional for the DNS.
17 +# (http://unbound.net/documentation/unbound.conf.html)
18 +##############################################################################
19
20 #Use this to include other text into the file.
21 #include: "otherfile.conf"
22
23 # The server clause sets the main parameters.
24 server:
25 - # whitespace is not necessary, but looks cleaner.
26
27 - # verbosity number, 0 is least verbose. 1 is default.
28 + # verbosity 1 is default
29 verbosity: 1
30
31 + # Self jail Unbound with user "unbound" to /var/lib/unbound
32 + # The script /etc/init.d/unbound will setup the location
33 + username: "unbound"
34 + directory: "/var/lib/unbound"
35 + chroot: "/var/lib/unbound"
36 +
37 + # The pid file is created before privleges drop so no concern
38 + pidfile: "/var/run/unbound.pid"
39 +
40 + # no threads and no memory slabs for threads
41 + num-threads: 1
42 + msg-cache-slabs: 1
43 + rrset-cache-slabs: 1
44 + infra-cache-slabs: 1
45 + key-cache-slabs: 1
46 +
47 + # don't be picky about interfaces but consider your firewall
48 + interface: 0.0.0.0
49 + interface: ::0
50 + access-control: 0.0.0.0/0 allow
51 + access-control: ::0/0 allow
52 +
53 + # this limits TCP service but uses less buffers
54 + outgoing-num-tcp: 1
55 + incoming-num-tcp: 1
56 +
57 + # use somewhat higher port numbers versus possible NAT issue
58 + outgoing-port-permit: "10240-65335"
59 +
60 + # uses less memory but less performance
61 + outgoing-range: 60
62 + num-queries-per-thread: 30
63 +
64 + # exclude large responses
65 + msg-buffer-size: 8192
66 +
67 + # tiny memory cache
68 + infra-cache-numhosts: 200
69 + msg-cache-size: 100k
70 + rrset-cache-size: 100k
71 + key-cache-size: 100k
72 + neg-cache-size: 10k
73 +
74 + # gentle on recursion
75 + target-fetch-policy: "2 1 0 0 0 0"
76 + harden-large-queries: yes
77 + harden-short-bufsize: yes
78 +
79 + # DNSSEC enable by removing comments on "module-config:" and "auto-trust-
80 + # -anchor-file:" The init script will copy root key to /var/lib/unbound.
81 + # See package documentation for crontab entry to copy RFC5011 results back.
82 + #module-config: "validator iterator"
83 + #auto-trust-anchor-file: "/var/lib/unbound/root.key"
84 +
85 + # DNSSEC needs real time to validate signatures. If your device does not
86 + # have power off clock (reboot), then you may need this work around.
87 + #domain-insecure: "pool.ntp.org"
88 +
89 +##############################################################################
90 +# Resume Stock example.conf.in
91 +##############################################################################
92 +
93 # print statistics to the log (for every thread) every N seconds.
94 # Set to "" or 0 to disable. Default is disabled.
95 # statistics-interval: 0
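Review bot: The added `access-control: 0.0.0.0/0 allow` and `access-control: ::0/0 allow`, combined with `interface: 0.0.0.0` and `interface: ::0`, make the shipped default an open recursive resolver whose only protection is the firewall the comment mentions. If port 53 is ever reachable from an untrusted network, the device will answer recursion for anyone, which exposes it to reflection/amplification abuse and cache snooping. A safer default would allow only loopback and the LAN range, for example `access-control: 127.0.0.0/8 allow`, `access-control: ::1 allow` and `access-control: 192.168.0.0/16 allow`, leaving wider ranges for the administrator to add deliberately. Separately, `outgoing-port-permit: "10240-65335"` looks like a typo for 65535. The DNSSEC lines are also shipped commented out, so validation is off until the admin enables it, which deserves an explicit statement in the comment above `#module-config:`.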