3ea940ca63a6180f7a193a8d764d9fd10f19cfb1
[openwrt/svn-archive/archive.git] / net / unbound / files / unbound.conf
1 server:
2 verbosity: 1
3
4 interface: ::0
5 interface: 0.0.0.0
6
7 # the amount of memory to use for the RRset cache.
8 # plain value in bytes or you can append k, m or G. default is "4Mb".
9 rrset-cache-size: 1m
10
11 # the number of slabs to use for the RRset cache.
12 # the number of slabs must be a power of 2.
13 # more slabs reduce lock contention, but fragment memory usage.
14 rrset-cache-slabs: 2
15
16 # control which clients are allowed to make (recursive) queries
17 # to this server. Specify classless netblocks with /size and action.
18 # By default everything is refused, except for localhost.
19 # Choose deny (drop message), refuse (polite error reply),
20 # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
21 # access-control: 0.0.0.0/0 refuse
22 # access-control: 127.0.0.0/8 allow
23 # access-control: ::0/0 refuse
24 # access-control: ::1 allow
25 # access-control: ::ffff:127.0.0.1 allow
26 access-control: 0.0.0.0/0 allow
27 access-control: ::0/0 allow
28
29
30 # if given, user privileges are dropped (after binding port),
31 # and the given username is assumed. Default is user "unbound".
32 # If you give "" no privileges are dropped.
33 # username: "unbound"
34 username: ""
35
36 # the working directory. The relative files in this config are
37 # relative to this directory. If you give "" the working directory
38 # is not changed.
39 directory: "/etc/unbound"
40
41 # the log file, "" means log to stderr.
42 # Use of this option sets use-syslog to "no".
43 # logfile: ""
44
45 # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
46 # log to, with identity "unbound". If yes, it overrides the logfile.
47 use-syslog: yes
48
49 # print UTC timestamp in ascii to logfile, default is epoch in seconds.
50 # log-time-ascii: no
51
52 # the pid file. Can be an absolute path outside of chroot/work dir.
53 pidfile: "/var/run/unbound.pid"
54
55 # file to read root hints from.
56 # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
57 root-hints: "named.cache"
58
59
60 # Root zone trust anchor key
61 # Will be autoupdated by unbound in case of key change
62 auto-trust-anchor-file: "root.autokey"
63
64 # If you want to also do DLV validation (RFC5074),
65 # download http://ftp.isc.org/www/dlv/dlv.isc.org.key
66 # and uncomment following line:
67 #dlv-anchor-file: "dlv.isc.org.key"
68
69 # You can also do ITAR validation (https://itar.iana.org)
70 # To download and update anchors.mf file, use update-itar.sh
71 # from page http://www.unbound.net/documentation/howto_itar.html
72 #trust-anchor-file: "anchors.mf"
73
74
75 # If you want to forward requests to another recursive DNS server
76 # uncomment this. Please note that many DNS recursors do strip
77 # DNSSEC data, rendering unbound server unusable.
78 # forward-zone:
79 # name: "."
80 # forward-addr: 8.8.8.8
81 # forward-addr: 8.8.4.4
82
83