-
Notifications
You must be signed in to change notification settings - Fork 0
/
unbound.conf
78 lines (77 loc) · 1.86 KB
/
unbound.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
server:
# Main stuff
interface: 127.0.0.1
port: 53
access-control: 127.0.0.1/8 allow
prefer-ip4: yes
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
directory: "/etc/unbound"
trust-anchor-file: trusted-key.key
username: "unbound"
chroot: ""
# Disable logging
use-syslog: no
verbosity: 0
log-time-ascii: no
log-queries: no
log-replies: no
log-local-actions: no
# Privacy Concerns
hide-identity: yes
hide-version: yes
http-user-agent: ""
tls-system-cert: yes
tls-upstream: yes
minimal-responses: yes
qname-minimisation: yes
qname-minimisation-strict: yes
# Limit DNS Fraud, hardening and use DNSSEC
harden-short-bufsize: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-referral-path: yes
harden-algo-downgrade: yes
harden-below-nxdomain: yes
use-caps-for-id: yes
aggressive-nsec: yes
rrset-roundrobin: yes
# Optimizations
cache-min-ttl: 300
cache-max-ttl: 14400
msg-cache-slabs: 8
num-threads: 4
rrset-cache-slabs: 8
infra-cache-slabs: 8
key-cache-slabs: 8
serve-expired: yes
serve-expired-ttl: 3600
edns-buffer-size: 1232
prefetch: yes
prefetch-key: yes
target-fetch-policy: "3 2 1 1 1"
unwanted-reply-threshold: 10000000
rrset-cache-size: 256m
msg-cache-size: 128m
so-rcvbuf: 1m
# Protect these adresses against 'DNS Rebinding'
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: 255.255.255.255
private-address: fd00::/8
private-address: fe80::/10
forward-zone:
# Set resolv.conf nameserver to 127.0.0.1 so unbound can resolve your DNS server
name: "."
forward-tls-upstream: yes
forward-first: no
# Quad9 Default DNS
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
# Cloudfare Security DNS
forward-addr: 1.1.1.2@853#security.cloudflare-dns.com
forward-addr: 1.0.0.2@853#security.cloudflare-dns.com