50c35938933f449b90edd57059865a23a831a876
[openwrt/svn-archive/archive.git] / net / unbound / files / unbound.conf
1 server:
2 verbosity: 1
3
4 interface: ::0
5 interface: 0.0.0.0
6
7 # the amount of memory to use for the RRset cache.
8 # plain value in bytes or you can append k, m or G. default is "4Mb".
9 rrset-cache-size: 1m
10
11 # the number of slabs to use for the RRset cache.
12 # the number of slabs must be a power of 2.
13 # more slabs reduce lock contention, but fragment memory usage.
14 rrset-cache-slabs: 2
15
16 # control which clients are allowed to make (recursive) queries
17 # to this server. Specify classless netblocks with /size and action.
18 # By default everything is refused, except for localhost.
19 # Choose deny (drop message), refuse (polite error reply),
20 # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
21 # access-control: 0.0.0.0/0 refuse
22 # access-control: 127.0.0.0/8 allow
23 # access-control: ::0/0 refuse
24 # access-control: ::1 allow
25 # access-control: ::ffff:127.0.0.1 allow
26 access-control: 0.0.0.0/0 allow
27 access-control: ::0/0 allow
28
29
30 # if given, user privileges are dropped (after binding port),
31 # and the given username is assumed. Default is user "unbound".
32 # If you give "" no privileges are dropped.
33 # username: "unbound"
34 username: ""
35
36 # the working directory. The relative files in this config are
37 # relative to this directory. If you give "" the working directory
38 # is not changed.
39 directory: "/etc/unbound"
40
41 # the log file, "" means log to stderr.
42 # Use of this option sets use-syslog to "no".
43 logfile: ""
44
45 # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
46 # log to, with identity "unbound". If yes, it overrides the logfile.
47 # use-syslog: yes
48
49 # print UTC timestamp in ascii to logfile, default is epoch in seconds.
50 # log-time-ascii: no
51
52 # the pid file. Can be an absolute path outside of chroot/work dir.
53 pidfile: "/var/run/unbound.pid"
54
55 # file to read root hints from.
56 # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
57 # root-hints: ""
58
59 # File with DLV trusted keys. Same format as trust-anchor-file.
60 # There can be only one DLV configured, it is trusted from root down.
61 # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key
62 dlv-anchor-file: "dlv.isc.org.key"
63
64 # File with trusted keys for validation. Specify more than one file
65 # with several entries, one file per entry.
66 # Zone file format, with DS and DNSKEY entries.
67 # trust-anchor-file: ""
68 trust-anchor-file: "anchors.mf"
69
70 # File with trusted keys, kept uptodate using RFC5011 probes,
71 # initial file like trust-anchor-file, then it stores metadata.
72 # Use several entries, one per domain name, to track multiple zones.
73 # auto-trust-anchor-file: ""
74
75
76 # If you want to forward requests to another recursive DNS server
77 # uncomment this. Please note that many DNS recursors do strip
78 # DNSSEC data, rendering unbound server unusable.
79 # forward-zone:
80 # name: "."
81 # forward-addr: 8.8.8.8
82 # forward-addr: 8.8.4.4
83
84