1 diff --git a/doc/example.conf.in b/doc/example.conf.in
2 index 55bbc32..14452fa 100644
3 --- a/doc/example.conf.in
4 +++ b/doc/example.conf.in
7 -# Example configuration file.
9 -# See unbound.conf(5) man page, version 1.6.0.
12 +##############################################################################
13 +# MEMORY CONTROL EXAMPLE
14 +# In the example config settings below memory usage is reduced. Some ser-
15 +# vice levels are lower, notable very large data and a high TCP load are
16 +# no longer supported ... are exceptional for the DNS.
17 +# (http://unbound.net/documentation/unbound.conf.html)
18 +##############################################################################
20 #Use this to include other text into the file.
21 #include: "otherfile.conf"
23 # The server clause sets the main parameters.
25 - # whitespace is not necessary, but looks cleaner.
27 - # verbosity number, 0 is least verbose. 1 is default.
28 + # verbosity 1 is default
31 + # Self jail Unbound with user "unbound" to /var/lib/unbound
32 + # The script /etc/init.d/unbound will setup the location
34 + directory: "/var/lib/unbound"
35 + chroot: "/var/lib/unbound"
37 + # The pid file is created before privleges drop so no concern
38 + pidfile: "/var/run/unbound.pid"
40 + # no threads and no memory slabs for threads
43 + rrset-cache-slabs: 1
44 + infra-cache-slabs: 1
47 + # don't be picky about interfaces but consider your firewall
50 + access-control: 0.0.0.0/0 allow
51 + access-control: ::0/0 allow
53 + # this limits TCP service but uses less buffers
57 + # use somewhat higher port numbers versus possible NAT issue
58 + outgoing-port-permit: "10240-65335"
60 + # uses less memory but less performance
62 + num-queries-per-thread: 30
64 + # exclude large responses
65 + msg-buffer-size: 8192
68 + infra-cache-numhosts: 200
69 + msg-cache-size: 100k
70 + rrset-cache-size: 100k
71 + key-cache-size: 100k
74 + # gentle on recursion
75 + target-fetch-policy: "2 1 0 0 0 0"
76 + harden-large-queries: yes
77 + harden-short-bufsize: yes
79 + # DNSSEC enable by removing comments on "module-config:" and "auto-trust-
80 + # -anchor-file:" The init script will copy root key to /var/lib/unbound.
81 + # See package documentation for crontab entry to copy RFC5011 results back.
82 + #module-config: "validator iterator"
83 + #auto-trust-anchor-file: "/var/lib/unbound/root.key"
85 + # DNSSEC needs real time to validate signatures. If your device does not
86 + # have power off clock (reboot), then you may need this work around.
87 + #domain-insecure: "pool.ntp.org"
89 +##############################################################################
90 +# Resume Stock example.conf.in
91 +##############################################################################
93 # print statistics to the log (for every thread) every N seconds.
94 # Set to "" or 0 to disable. Default is disabled.
95 # statistics-interval: 0
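Review bot: The added `access-control: 0.0.0.0/0 allow` and `access-control: ::0/0 allow` lines let every client that can reach the listener use recursion. The only guard is the comment "consider your firewall", so a device with port 53 reachable from the WAN becomes an open resolver that can be abused for DNS amplification. A safer shipped default scopes the allow rules to the local networks, for example `access-control: 192.168.0.0/16 allow` and `access-control: fd00::/8 allow` (sample prefixes, adjust to the LAN). The comment above them should then say that widening the rules requires a firewall rule blocking inbound DNS from untrusted interfaces. The interface lines themselves are not visible in this listing, so whether the listener binds to all addresses is inferred from the "don't be picky about interfaces" comment. Separately, `outgoing-port-permit: "10240-65335"` looks like a typo for 65535 and is worth confirming.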