Initial commit

2026-01-15 09:10:07 -05:00
commit 5b73c9bb10
40 changed files with 2860548 additions and 0 deletions
--- a/unbound/unbound.conf
+++ b/unbound/unbound.conf
@@ -0,0 +1,35 @@
+server:
+  interface: 0.0.0.0
+  port: 5335
+
+  access-control: 172.30.0.0/24 allow
+  access-control: 10.0.0.0/8 allow
+  access-control: 172.16.0.0/12 allow
+  access-control: 192.168.0.0/16 allow
+
+  # True recursion (NO forwarders)
+  root-hints: "/etc/unbound/root.hints"
+
+  # DNSSEC (needs writable location)
+  auto-trust-anchor-file: "/var/lib/unbound/root.key"
+  harden-dnssec-stripped: yes
+  val-permissive-mode: no
+
+  # Hardening / privacy
+  hide-identity: yes
+  hide-version: yes
+  qname-minimisation: yes
+  harden-glue: yes
+  harden-below-nxdomain: yes
+  do-not-query-localhost: yes
+  minimal-responses: yes
+
+  # Network
+  do-ip4: yes
+  do-udp: yes
+  do-tcp: yes
+  do-ip6: no
+
+  # This warning is harmless, but you can silence it:
+  so-sndbuf: 0
+  so-rcvbuf: 0