net/unbound/files/unbound.conf

   1 server:
   2         verbosity: 1
   3
   4         interface: ::0
   5         interface: 0.0.0.0
   6
   7         # the amount of memory to use for the RRset cache.
   8         # plain value in bytes or you can append k, m or G. default is "4Mb".
   9         rrset-cache-size: 1m
  10
  11         # the number of slabs to use for the RRset cache.
  12         # the number of slabs must be a power of 2.
  13         # more slabs reduce lock contention, but fragment memory usage.
  14         rrset-cache-slabs: 2
  15
  16         # control which clients are allowed to make (recursive) queries
  17         # to this server. Specify classless netblocks with /size and action.
  18         # By default everything is refused, except for localhost.
  19         # Choose deny (drop message), refuse (polite error reply),
  20         # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
  21         # access-control: 0.0.0.0/0 refuse
  22         # access-control: 127.0.0.0/8 allow
  23         # access-control: ::0/0 refuse
  24         # access-control: ::1 allow
  25         # access-control: ::ffff:127.0.0.1 allow
  26         access-control: 0.0.0.0/0 allow
  27         access-control: ::0/0 allow
  28
  29
  30         # if given, user privileges are dropped (after binding port),
  31         # and the given username is assumed. Default is user "unbound".
  32         # If you give "" no privileges are dropped.
  33         # username: "unbound"
  34         username: ""
  35
  36         # the working directory. The relative files in this config are
  37         # relative to this directory. If you give "" the working directory
  38         # is not changed.
  39         directory: "/etc/unbound"
  40
  41         # the log file, "" means log to stderr.
  42         # Use of this option sets use-syslog to "no".
  43          logfile: ""
  44
  45         # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
  46         # log to, with identity "unbound". If yes, it overrides the logfile.
  47         # use-syslog: yes
  48
  49         # print UTC timestamp in ascii to logfile, default is epoch in seconds.
  50         # log-time-ascii: no
  51
  52         # the pid file. Can be an absolute path outside of chroot/work dir.
  53         pidfile: "/var/run/unbound.pid"
  54
  55         # file to read root hints from.
  56         # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
  57         # root-hints: ""
  58
  59         # File with DLV trusted keys. Same format as trust-anchor-file.
  60         # There can be only one DLV configured, it is trusted from root down.
  61         # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key
  62         dlv-anchor-file: "dlv.isc.org.key"
  63
  64         # File with trusted keys for validation. Specify more than one file
  65         # with several entries, one file per entry.
  66         # Zone file format, with DS and DNSKEY entries.
  67         # trust-anchor-file: ""
  68         trust-anchor-file: "anchors.mf"
  69
  70         # File with trusted keys, kept uptodate using RFC5011 probes,
  71         # initial file like trust-anchor-file, then it stores metadata.
  72         # Use several entries, one per domain name, to track multiple zones.
  73         # auto-trust-anchor-file: ""
  74
  75
  76     # If you want to forward requests to another recursive DNS server
  77     # uncomment this. Please note that many DNS recursors do strip
  78     # DNSSEC data, rendering unbound server unusable.
  79     # forward-zone:
  80     #   name: "."
  81     #   forward-addr: 8.8.8.8
  82     #   forward-addr: 8.8.4.4
  83
  84