X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=blobdiff_plain;f=net%2Funbound%2Ffiles%2Funbound.conf;h=3ea940ca63a6180f7a193a8d764d9fd10f19cfb1;hp=50c35938933f449b90edd57059865a23a831a876;hb=ffd3bb4475b4638fb7d70ecc1f7bb425340db42e;hpb=05a67971d89824e889dc72ef57def8d0684d9b3d diff --git a/net/unbound/files/unbound.conf b/net/unbound/files/unbound.conf index 50c3593893..3ea940ca63 100644 --- a/net/unbound/files/unbound.conf +++ b/net/unbound/files/unbound.conf @@ -40,11 +40,11 @@ server: # the log file, "" means log to stderr. # Use of this option sets use-syslog to "no". - logfile: "" + # logfile: "" # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to # log to, with identity "unbound". If yes, it overrides the logfile. - # use-syslog: yes + use-syslog: yes # print UTC timestamp in ascii to logfile, default is epoch in seconds. # log-time-ascii: no @@ -54,23 +54,22 @@ server: # file to read root hints from. # get one from ftp://FTP.INTERNIC.NET/domain/named.cache - # root-hints: "" - - # File with DLV trusted keys. Same format as trust-anchor-file. - # There can be only one DLV configured, it is trusted from root down. - # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key - dlv-anchor-file: "dlv.isc.org.key" - - # File with trusted keys for validation. Specify more than one file - # with several entries, one file per entry. - # Zone file format, with DS and DNSKEY entries. - # trust-anchor-file: "" - trust-anchor-file: "anchors.mf" - - # File with trusted keys, kept uptodate using RFC5011 probes, - # initial file like trust-anchor-file, then it stores metadata. - # Use several entries, one per domain name, to track multiple zones. - # auto-trust-anchor-file: "" + root-hints: "named.cache" + + + # Root zone trust anchor key + # Will be autoupdated by unbound in case of key change + auto-trust-anchor-file: "root.autokey" + + # If you want to also do DLV validation (RFC5074), + # download http://ftp.isc.org/www/dlv/dlv.isc.org.key + # and uncomment following line: + #dlv-anchor-file: "dlv.isc.org.key" + + # You can also do ITAR validation (https://itar.iana.org) + # To download and update anchors.mf file, use update-itar.sh + # from page http://www.unbound.net/documentation/howto_itar.html + #trust-anchor-file: "anchors.mf" # If you want to forward requests to another recursive DNS server