7 # the amount of memory to use for the RRset cache.
8 # plain value in bytes or you can append k, m or G. default is "4Mb".
11 # the number of slabs to use for the RRset cache.
12 # the number of slabs must be a power of 2.
13 # more slabs reduce lock contention, but fragment memory usage.
16 # control which clients are allowed to make (recursive) queries
17 # to this server. Specify classless netblocks with /size and action.
18 # By default everything is refused, except for localhost.
19 # Choose deny (drop message), refuse (polite error reply),
20 # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
21 # access-control: 0.0.0.0/0 refuse
22 # access-control: 127.0.0.0/8 allow
23 # access-control: ::0/0 refuse
24 # access-control: ::1 allow
25 # access-control: ::ffff:127.0.0.1 allow
26 access-control: 0.0.0.0/0 allow
27 access-control: ::0/0 allow
30 # if given, user privileges are dropped (after binding port),
31 # and the given username is assumed. Default is user "unbound".
32 # If you give "" no privileges are dropped.
36 # the working directory. The relative files in this config are
37 # relative to this directory. If you give "" the working directory
39 directory: "/etc/unbound"
41 # the log file, "" means log to stderr.
42 # Use of this option sets use-syslog to "no".
45 # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
46 # log to, with identity "unbound". If yes, it overrides the logfile.
49 # print UTC timestamp in ascii to logfile, default is epoch in seconds.
52 # the pid file. Can be an absolute path outside of chroot/work dir.
53 pidfile: "/var/run/unbound.pid"
55 # file to read root hints from.
56 # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
57 root-hints: "named.cache"
60 # Root zone trust anchor key
61 # Will be autoupdated by unbound in case of key change
62 auto-trust-anchor-file: "root.autokey"
64 # If you want to also do DLV validation (RFC5074),
65 # download http://ftp.isc.org/www/dlv/dlv.isc.org.key
66 # and uncomment following line:
67 #dlv-anchor-file: "dlv.isc.org.key"
69 # You can also do ITAR validation (https://itar.iana.org)
70 # To download and update anchors.mf file, use update-itar.sh
71 # from page http://www.unbound.net/documentation/howto_itar.html
72 #trust-anchor-file: "anchors.mf"
75 # If you want to forward requests to another recursive DNS server
76 # uncomment this. Please note that many DNS recursors do strip
77 # DNSSEC data, rendering unbound server unusable.
80 # forward-addr: 8.8.8.8
81 # forward-addr: 8.8.4.4