Update unbound.conf

2025-04-15 22:48:17 +02:00 · 2022-05-29 10:50:38 +02:00 · 2022-05-29 10:50:38 +02:00 · a85bb07933
commit a85bb07933
parent fb835bcd7f
1 changed files with 11 additions and 9 deletions
--- a/Data/unbound.conf
+++ b/Data/unbound.conf
@ -4,29 +4,31 @@ remote-control:
        control-enable: yes               # allows control using "unbound-control"

 server:
+	# GENERAL SETTINGS:
 	interface: 0.0.0.0                # listen on all IPv4 network interfaces
 	interface: ::0	                  # listen on all IPv6 network interfaces
 	port: 53                          # listen on port 53
 	access-control: 127.0.0.1/8 allow # allow IPv4 queries from the local host
 	access-control: ::1/64 allow      # allow IPv6 queries from the local host
        access-control: 192.168.0.0/16 allow # allow IPv4 query from the local network
-
-        qname-minimisation: yes           # send minimal amount of information to upstream servers to enhance privacy
        auto-trust-anchor-file: "/var/lib/unbound/root.key" # location of the trust anchor file that enables DNSSEC
-	num-threads: 1
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt # for encrypted DNS over TLS
+	# PRIVACY SETTINGS:
+        qname-minimisation: yes           # send minimal amount of information to upstream servers to enhance privacy
+	hide-identity: yes                # less verbose responses
+	hide-version: yes                 # less verbose responses
+	verbosity: 0                      # log nothing
+	# PERFORMANCE SETTINGS:
+	num-threads: 2			  # number of threads to use (not more than CPU cores)
+	msg-cache-size: 100m
+	rrset-cache-size: 200m
 	aggressive-nsec: yes
 	prefetch: yes                     # refresh expiring cache entries, if less than 10% of their TTL remains
 	prefetch-key: yes
-	hide-identity: yes                # less verbose responses
-	hide-version: yes                 # less verbose responses
-	rrset-cache-size: 100m
-	msg-cache-size: 50m
 	cache-min-ttl: 3600               # cache positive responses for 1 hour minimum
 	cache-max-ttl: 172800             # cache positive responses for 2 days maximum 
 	cache-max-negative-ttl: 3600      # cache negative responses for 1 hour maximum 
 	so-reuseport: yes                 # faster UDP with multithreading (only on Linux)
-	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt # for encrypted DNS over TLS
-	verbosity: 0                      # log nothing

 forward-zone:
 	name: "fritz.box."