7 # the amount of memory to use for the RRset cache.
8 # plain value in bytes or you can append k, m or G. default is "4Mb".
11 # the number of slabs to use for the RRset cache.
12 # the number of slabs must be a power of 2.
13 # more slabs reduce lock contention, but fragment memory usage.
16 # control which clients are allowed to make (recursive) queries
17 # to this server. Specify classless netblocks with /size and action.
18 # By default everything is refused, except for localhost.
19 # Choose deny (drop message), refuse (polite error reply),
20 # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
21 # access-control: 0.0.0.0/0 refuse
22 # access-control: 127.0.0.0/8 allow
23 # access-control: ::0/0 refuse
24 # access-control: ::1 allow
25 # access-control: ::ffff:127.0.0.1 allow
# NOTE(review): the two active lines below replace the refuse-by-default
# policy shown above with "allow" for every IPv4 and IPv6 source, so any
# host that can reach this server may use it for recursion (an open
# resolver). Open resolvers are abused as reflectors in DNS amplification
# attacks and give outsiders control over what the resolver looks up and
# caches. If this is not meant to be a public service, list only the
# client netblocks that are served and leave everything else on refuse,
# or filter the DNS port upstream.
26 access-control: 0.0.0.0/0 allow
27 access-control: ::0/0 allow
30 # if given, user privileges are dropped (after binding port),
31 # and the given username is assumed. Default is user "unbound".
32 # If you give "" no privileges are dropped.
36 # the working directory. The relative files in this config are
37 # relative to this directory. If you give "" the working directory
# is not changed.
# NOTE(review): the relative names used further down ("dlv.isc.org.key",
# "anchors.mf") therefore resolve under this directory. They hold DNSSEC
# trust anchors, so the directory and those files should be writable only
# by root or the account the daemon runs as -- confirm ownership and mode.
39 directory: "/etc/unbound"
41 # the log file, "" means log to stderr.
42 # Use of this option sets use-syslog to "no".
45 # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
46 # log to, with identity "unbound". If yes, it overrides the logfile.
49 # print UTC timestamp in ascii to logfile, default is epoch in seconds.
52 # the pid file. Can be an absolute path outside of chroot/work dir.
# The value below is an absolute path, so it does not depend on the
# directory: setting.
53 pidfile: "/var/run/unbound.pid"
55 # file to read root hints from.
56 # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
59 # File with DLV trusted keys. Same format as trust-anchor-file.
60 # There can be only one DLV configured, it is trusted from root down.
61 # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key
# NOTE(review): DNSSEC Lookaside Validation is obsolete: RFC 8749 moved it
# to Historic status and ISC has retired the dlv.isc.org registry, so this
# anchor no longer adds validation coverage. Keeping it leaves an extra
# trust root in the configuration; consider removing this option.
# The URL above is plain HTTP: a key fetched that way is unauthenticated
# and must be checked out of band before it is trusted.
62 dlv-anchor-file: "dlv.isc.org.key"
64 # File with trusted keys for validation. Specify more than one file
65 # with several entries, one file per entry.
66 # Zone file format, with DS and DNSKEY entries.
67 # trust-anchor-file: ""
# NOTE(review): this is a static anchor file; unbound reads it but does
# not update it. If "anchors.mf" holds the root (or any rolling) key, a
# key rollover will make validation fail until the file is replaced by
# hand. The auto-trust-anchor-file option described below tracks
# rollovers with RFC5011 probes -- confirm which one is intended here.
68 trust-anchor-file: "anchors.mf"
70 # File with trusted keys, kept up to date using RFC5011 probes,
71 # initial file like trust-anchor-file, then it stores metadata.
72 # Use several entries, one per domain name, to track multiple zones.
73 # auto-trust-anchor-file: ""
76 # If you want to forward requests to another recursive DNS server
77 # uncomment this. Please note that many DNS recursors strip
78 # DNSSEC data; validation then fails and this server becomes unusable.
81 # forward-addr: 8.8.8.8
82 # forward-addr: 8.8.4.4