@cpu
Created Jul 19, 2017
Sanitized unbound config for CAA SERVFAIL repro. Note: this has `access-control` configs *removed* and may be unsafe to run as-is.
server:
    log-replies: yes
    log-queries: yes
    outgoing-num-tcp: 6000
    num-queries-per-thread: 6000
    outgoing-range: 48000
    jostle-timeout: 1000
    num-threads: 6
    incoming-num-tcp: 2000
    so-rcvbuf: 4m
    so-sndbuf: 4m
    so-reuseport: yes
    verbosity: 2
    logfile: "/var/log/unbound.log"
    statistics-interval: 60
    extended-statistics: yes
    use-syslog: no
    log-time-ascii: yes
    chroot: ""
    username: "unbound"
    directory: "/etc/unbound"
    interface: 0.0.0.0
    interface: ::0
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    private-address: 192.168.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    root-hints: "/var/lib/unbound/root.hints"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    cache-min-ttl: 0
    cache-max-ttl: 60
    cache-max-negative-ttl: 0
    neg-cache-size: 0
    prefetch: no
    msg-cache-slabs: 32
    rrset-cache-slabs: 32
    infra-cache-slabs: 32
    key-cache-slabs: 32
    rrset-cache-size: 256m
    msg-cache-size: 128m
    unwanted-reply-threshold: 10000
    do-not-query-localhost: yes
    trusted-keys-file: /etc/unbound/keys.d/*.key
    auto-trust-anchor-file: "/usr/share/dns/root.key"
    val-clean-additional: yes
remote-control:
    control-enable: yes

server:
    tcp-upstream: no
    port: 1053
include: "/etc/unbound/unbound-common.conf"