PowerShell/data/unbound.conf

49 lines
2.8 KiB
Plaintext
Raw Normal View History

2022-05-25 12:38:32 +02:00
# Configuration file for Unbound DNS server (usually resides at: /etc/unbound/unbound.conf)
# =========================================================================================
2022-05-23 14:33:37 +02:00
remote-control:
control-enable: yes # allows control using "unbound-control"
2022-05-22 22:35:21 +02:00
server:
2022-05-29 10:50:38 +02:00
# GENERAL SETTINGS:
2022-05-23 14:33:37 +02:00
interface: 0.0.0.0 # listen on all IPv4 network interfaces
interface: ::0 # listen on all IPv6 network interfaces
port: 53 # listen on port 53
access-control: 127.0.0.1/8 allow # allow IPv4 queries from the local host
access-control: ::1/64 allow # allow IPv6 queries from the local host
access-control: 192.168.0.0/16 allow # allow IPv4 query from the local network
auto-trust-anchor-file: "/var/lib/unbound/root.key" # location of the trust anchor file that enables DNSSEC
2022-05-29 10:50:38 +02:00
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt # for encrypted DNS over TLS
# PRIVACY SETTINGS:
qname-minimisation: yes # send minimal amount of information to upstream servers to enhance privacy
hide-identity: yes # less verbose responses
hide-version: yes # less verbose responses
verbosity: 0 # log nothing
# PERFORMANCE SETTINGS:
2022-06-02 16:04:33 +02:00
num-threads: 1 # number of threads to use (not more than CPU cores)
2022-05-29 10:50:38 +02:00
msg-cache-size: 100m
rrset-cache-size: 200m
2022-05-22 22:35:21 +02:00
aggressive-nsec: yes
2022-05-23 14:33:37 +02:00
prefetch: yes # refresh expiring cache entries, if less than 10% of their TTL remains
2022-05-25 12:38:32 +02:00
prefetch-key: yes
2022-06-02 16:04:33 +02:00
cache-min-ttl: 7200 # cache positive responses for 2 hours minimum
cache-max-ttl: 259200 # cache positive responses for 3 days maximum
2022-05-25 12:38:32 +02:00
cache-max-negative-ttl: 3600 # cache negative responses for 1 hour maximum
2022-05-23 14:33:37 +02:00
so-reuseport: yes # faster UDP with multithreading (only on Linux)
2022-05-22 22:35:21 +02:00
2022-05-25 12:38:32 +02:00
forward-zone:
name: "fritz.box."
forward-addr: 192.168.178.1@53 # forward "<hostname>.fritz.box" to local Fritz!Box
2022-05-22 22:35:21 +02:00
forward-zone:
name: "."
forward-tls-upstream: yes
2022-05-23 15:42:29 +02:00
forward-addr: 1.1.1.1@853#cloudflare-dns.com # Cloudflare (primary, IPv4, DNS over TLS)
forward-addr: 1.0.0.1@853#cloudflare-dns.com # Cloudflare (secondary, IPv4, DNS over TLS)
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com # Cloudflare (primary, IPv6, DNS over TLS)
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com # Cloudflare (secondary, IPv6, DNS over TLS)
# forward-addr: 1.1.1.1@53 # Cloudflare (primary IPv4, unencrypted)
# forward-addr: 1.0.0.1@53 # Cloudflare (secondary IPv4, unencrypted)
# forward-addr: 8.8.8.8@53 # Google Public DNS (primary IPv4, unencrypted)
# forward-addr: 8.8.4.4@53 # Google Public DNS (secondary IPv6, unecnrypted)
# forward-addr: 9.9.9.9@53 # Quad9 (IPv4, unencrypted)