Skip to content

Instantly share code, notes, and snippets.

@lepiaf

lepiaf/unbound.conf

Last active May 14, 2021
Embed
What would you like to do?
Unbound configuration IPv4 and IPv6
server:
interface: 0.0.0.0
interface: ::0
access-control: 192.168.42.0/24 allow
access-control: 127.0.0.0 allow
access-control: 2001:db8:dead:beef::/48 allow
# unbound optimisation
num-threads: 4
msg-cache-slabs: 16
rrset-cache-slabs: 16
infra-cache-slabs: 16
key-cache-slabs: 16
outgoing-range: 206
so-rcvbuf: 4m
so-sndbuf: 4m
so-reuseport: yes
rrset-cache-size: 100m
msg-cache-size: 50m
# unbound security
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
cache-max-ttl: 86400
cache-min-ttl: 3600
hide-identity: yes
hide-version: yes
minimal-responses: yes
prefetch: yes
use-caps-for-id: yes
verbosity: 1
harden-glue: yes
harden-dnssec-stripped: yes
# download from ftp://ftp.internic.net/domain/named.cache
root-hints: "/var/lib/unbound/root.hints"
private-domain: "company.lan"
private-address: 192.168.42.0/24
private-address: 2001:db8:dead:beef::/48
local-data: "server.company.lan. IN A 192.168.42.254"
local-data-ptr: "192.168.42.254 server.company.lan"
local-data: "server.company.lan. IN AAAA 2001:db8:dead:beef::254"
local-data-ptr: "2001:db8:dead:beef::254 server.company.lan"
include: "/etc/unbound/unbound.conf.d/*.conf"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment