1 diff --git a/doc/example.conf.in b/doc/example.conf.in
2 index 5396029..cbb51ec 100644
3 --- a/doc/example.conf.in
4 +++ b/doc/example.conf.in
7 -# Example configuration file.
9 -# See unbound.conf(5) man page, version 1.6.5.
12 +##############################################################################
13 +# MEMORY CONTROL EXAMPLE
14 +# In the example config settings below memory usage is reduced. Some ser-
15 +# vice levels are lower, notable very large data and a high TCP load are
16 +# no longer supported ... are exceptional for the DNS.
17 +# (http://unbound.net/documentation/unbound.conf.html)
18 +##############################################################################
20 #Use this to include other text into the file.
21 #include: "otherfile.conf"
24 # whitespace is not necessary, but looks cleaner.
26 - # verbosity number, 0 is least verbose. 1 is default.
27 + # verbosity 1 is default
30 + # Self jail Unbound with user "unbound" to /var/lib/unbound
31 + # The script /etc/init.d/unbound will setup the location
33 + directory: "/var/lib/unbound"
34 + chroot: "/var/lib/unbound"
36 + # The pid file is created before privleges drop so no concern
37 + pidfile: "/var/run/unbound.pid"
39 + # no threads and no memory slabs for threads
42 + rrset-cache-slabs: 1
43 + infra-cache-slabs: 1
46 + # don't be picky about interfaces but consider your firewall
49 + access-control: 0.0.0.0/0 allow
50 + access-control: ::0/0 allow
52 + # this limits TCP service but uses less buffers
56 + # use somewhat higher port numbers versus possible NAT issue
57 + outgoing-port-permit: "10240-65335"
59 + # uses less memory but less performance
61 + num-queries-per-thread: 30
63 + # exclude large responses
64 + msg-buffer-size: 8192
67 + infra-cache-numhosts: 200
68 + msg-cache-size: 100k
69 + rrset-cache-size: 100k
70 + key-cache-size: 100k
73 + # gentle on recursion
74 + target-fetch-policy: "2 1 0 0 0 0"
75 + harden-large-queries: yes
76 + harden-short-bufsize: yes
78 + # DNSSEC enable by removing comments on "module-config:" and "auto-trust-
79 + # -anchor-file:" The init script will copy root key to /var/lib/unbound.
80 + # See package documentation for crontab entry to copy RFC5011 results back.
81 + #module-config: "validator iterator"
82 + #auto-trust-anchor-file: "/var/lib/unbound/root.key"
84 + # DNSSEC needs real time to validate signatures. If your device does not
85 + # have power off clock (reboot), then you may need this work around.
86 + #domain-insecure: "pool.ntp.org"
88 +##############################################################################
89 +# Resume Stock example.conf.in
90 +##############################################################################
92 # print statistics to the log (for every thread) every N seconds.
93 # Set to "" or 0 to disable. Default is disabled.
94 # statistics-interval: 0