36 lines
765 B
Plaintext
36 lines
765 B
Plaintext
server:
|
|
interface: 0.0.0.0
|
|
port: 5335
|
|
|
|
access-control: 172.30.0.0/24 allow
|
|
access-control: 10.0.0.0/8 allow
|
|
access-control: 172.16.0.0/12 allow
|
|
access-control: 192.168.0.0/16 allow
|
|
|
|
# True recursion (NO forwarders)
|
|
root-hints: "/etc/unbound/root.hints"
|
|
|
|
# DNSSEC (needs writable location)
|
|
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
|
harden-dnssec-stripped: yes
|
|
val-permissive-mode: no
|
|
|
|
# Hardening / privacy
|
|
hide-identity: yes
|
|
hide-version: yes
|
|
qname-minimisation: yes
|
|
harden-glue: yes
|
|
harden-below-nxdomain: yes
|
|
do-not-query-localhost: yes
|
|
minimal-responses: yes
|
|
|
|
# Network
|
|
do-ip4: yes
|
|
do-udp: yes
|
|
do-tcp: yes
|
|
do-ip6: no
|
|
|
|
# This warning is harmless, but you can silence it:
|
|
so-sndbuf: 0
|
|
so-rcvbuf: 0
|