net/unbound/files/unbound.conf

   1 server:
   2         verbosity: 1
   3
   4         interface: ::0
   5         interface: 0.0.0.0
   6
   7         # the amount of memory to use for the RRset cache.
   8         # plain value in bytes or you can append k, m or G. default is "4Mb".
   9         rrset-cache-size: 1m
  10
  11         # the number of slabs to use for the RRset cache.
  12         # the number of slabs must be a power of 2.
  13         # more slabs reduce lock contention, but fragment memory usage.
  14         rrset-cache-slabs: 2
  15
  16         # control which clients are allowed to make (recursive) queries
  17         # to this server. Specify classless netblocks with /size and action.
  18         # By default everything is refused, except for localhost.
  19         # Choose deny (drop message), refuse (polite error reply),
  20         # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
  21         # access-control: 0.0.0.0/0 refuse
  22         # access-control: 127.0.0.0/8 allow
  23         # access-control: ::0/0 refuse
  24         # access-control: ::1 allow
  25         # access-control: ::ffff:127.0.0.1 allow
  26         access-control: 0.0.0.0/0 allow
  27         access-control: ::0/0 allow
  28
  29
  30         # if given, user privileges are dropped (after binding port),
  31         # and the given username is assumed. Default is user "unbound".
  32         # If you give "" no privileges are dropped.
  33         # username: "unbound"
  34         username: ""
  35
  36         # the working directory. The relative files in this config are
  37         # relative to this directory. If you give "" the working directory
  38         # is not changed.
  39         directory: "/etc/unbound"
  40
  41         # the log file, "" means log to stderr.
  42         # Use of this option sets use-syslog to "no".
  43         # logfile: ""
  44
  45         # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
  46         # log to, with identity "unbound". If yes, it overrides the logfile.
  47         use-syslog: yes
  48
  49         # print UTC timestamp in ascii to logfile, default is epoch in seconds.
  50         # log-time-ascii: no
  51
  52         # the pid file. Can be an absolute path outside of chroot/work dir.
  53         pidfile: "/var/run/unbound.pid"
  54
  55         # file to read root hints from.
  56         # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
  57         root-hints: "named.cache"
  58
  59
  60         # Root zone trust anchor key
  61         # Will be autoupdated by unbound in case of key change
  62         auto-trust-anchor-file: "root.autokey"
  63
  64         # If you want to also do DLV validation (RFC5074),
  65         # download http://ftp.isc.org/www/dlv/dlv.isc.org.key
  66         # and uncomment following line:
  67         #dlv-anchor-file: "dlv.isc.org.key"
  68
  69         # You can also do ITAR validation (https://itar.iana.org)
  70         # To download and update anchors.mf file, use update-itar.sh
  71         # from page http://www.unbound.net/documentation/howto_itar.html
  72         #trust-anchor-file: "anchors.mf"
  73
  74
  75     # If you want to forward requests to another recursive DNS server
  76     # uncomment this. Please note that many DNS recursors do strip
  77     # DNSSEC data, rendering unbound server unusable.
  78     # forward-zone:
  79     #   name: "."
  80     #   forward-addr: 8.8.8.8
  81     #   forward-addr: 8.8.4.4
  82
  83