-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathunbound.conf
55 lines (49 loc) · 1.28 KB
/
unbound.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
server:
# log in docker log with readable timestamp
verbosity: 2
logfile: ""
log-time-ascii: yes
do-daemonize: no
# allow only IPv4 from Private nets and self
interface: 0.0.0.0
port: 53
do-ip4: yes
do-udp: yes
do-tcp: yes
do-ip6: no
prefer-ip6: no
access-control: 127.0.0.1/32 allow
access-control: 192.168.0.0/16 allow
access-control: 172.16.0.0/12 allow
access-control: 10.0.0.0/8 allow
# hints & anchor are included in the container
root-hints: "/app/data/root.hints"
auto-trust-anchor-file: "/app/data/root.key"
# identity
identity: "DNS"
deny-any: yes
hide-version: yes
hide-identity: yes
rrset-roundrobin: yes
minimal-responses: yes
qname-minimisation: yes
# harden up
harden-glue: yes
harden-large-queries: yes
harden-dnssec-stripped: yes
harden-algo-downgrade: yes
harden-short-bufsize: yes
# cache size & timing
num-threads: 1
prefetch: yes
prefetch-key: yes
serve-expired: yes
neg-cache-size: 4M
msg-cache-size: 50m
edns-buffer-size: 1232
rrset-cache-size: 100m
cache-min-ttl: 300
cache-max-ttl: 86400
unwanted-reply-threshold: 100000
# load additional configurations
include: /app/config/conf.d/*.conf