2011-07-13 05:35:48 +00:00
|
|
|
--- a/doc/example.conf.in
|
|
|
|
+++ b/doc/example.conf.in
|
|
|
|
@@ -38,6 +38,8 @@ server:
|
|
|
|
# interface: 192.0.2.154
|
|
|
|
# interface: 192.0.2.154@5003
|
|
|
|
# interface: 2001:DB8::5
|
|
|
|
+ interface: 0.0.0.0
|
|
|
|
+ interface: ::0
|
|
|
|
|
|
|
|
# enable this feature to copy the source address of queries to reply.
|
|
|
|
# Socket options are not supported on all platforms. experimental.
|
|
|
|
@@ -57,6 +59,7 @@ server:
|
|
|
|
# port range that can be open simultaneously. About double the
|
|
|
|
# num-queries-per-thread, or, use as many as the OS will allow you.
|
|
|
|
# outgoing-range: 4096
|
|
|
|
+ outgoing-range: 60
|
|
|
|
|
|
|
|
# permit unbound to use this port number or port range for
|
|
|
|
# making outgoing queries, using an outgoing interface.
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -73,9 +76,11 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
|
|
|
|
# number of outgoing simultaneous tcp buffers to hold per thread.
|
|
|
|
# outgoing-num-tcp: 10
|
|
|
|
+ outgoing-num-tcp: 1
|
|
|
|
|
|
|
|
# number of incoming simultaneous tcp buffers to hold per thread.
|
|
|
|
# incoming-num-tcp: 10
|
|
|
|
+ incoming-num-tcp: 1
|
|
|
|
|
|
|
|
# buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
|
|
|
|
# 0 is system default. Use 4m to catch query spikes for busy servers.
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -96,18 +101,22 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
# buffer size for handling DNS data. No messages larger than this
|
|
|
|
# size can be sent or received, by UDP or TCP. In bytes.
|
|
|
|
# msg-buffer-size: 65552
|
|
|
|
+ msg-buffer-size: 8192
|
|
|
|
|
|
|
|
# the amount of memory to use for the message cache.
|
|
|
|
# plain value in bytes or you can append k, m or G. default is "4Mb".
|
|
|
|
# msg-cache-size: 4m
|
|
|
|
+ msg-cache-size: 100k
|
|
|
|
|
|
|
|
# the number of slabs to use for the message cache.
|
|
|
|
# the number of slabs must be a power of 2.
|
|
|
|
# more slabs reduce lock contention, but fragment memory usage.
|
|
|
|
# msg-cache-slabs: 4
|
|
|
|
+ msg-cache-slabs: 1
|
|
|
|
|
|
|
|
# the number of queries that a thread gets to service.
|
|
|
|
# num-queries-per-thread: 1024
|
|
|
|
+ num-queries-per-thread: 30
|
|
|
|
|
|
|
|
# if very busy, 50% queries run to completion, 50% get timeout in msec
|
|
|
|
# jostle-timeout: 200
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -115,11 +124,13 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
# the amount of memory to use for the RRset cache.
|
|
|
|
# plain value in bytes or you can append k, m or G. default is "4Mb".
|
|
|
|
# rrset-cache-size: 4m
|
|
|
|
+ rrset-cache-size: 100k
|
|
|
|
|
|
|
|
# the number of slabs to use for the RRset cache.
|
|
|
|
# the number of slabs must be a power of 2.
|
|
|
|
# more slabs reduce lock contention, but fragment memory usage.
|
|
|
|
# rrset-cache-slabs: 4
|
|
|
|
+ rrset-cache-slabs: 1
|
|
|
|
|
|
|
|
# the time to live (TTL) value lower bound, in seconds. Default 0.
|
|
|
|
# If more than an hour could easily give trouble due to stale data.
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -137,9 +148,11 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
# the number of slabs must be a power of 2.
|
|
|
|
# more slabs reduce lock contention, but fragment memory usage.
|
|
|
|
# infra-cache-slabs: 4
|
|
|
|
+ infra-cache-slabs: 1
|
|
|
|
|
2012-01-19 05:06:37 +00:00
|
|
|
# the maximum number of hosts that are cached (roundtrip, EDNS, lame).
|
2011-07-13 05:35:48 +00:00
|
|
|
# infra-cache-numhosts: 10000
|
|
|
|
+ infra-cache-numhosts: 200
|
|
|
|
|
|
|
|
# Enable IPv4, "yes" or "no".
|
|
|
|
# do-ip4: yes
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -170,6 +183,8 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
# access-control: ::0/0 refuse
|
|
|
|
# access-control: ::1 allow
|
|
|
|
# access-control: ::ffff:127.0.0.1 allow
|
|
|
|
+ access-control: 0.0.0.0/0 allow
|
|
|
|
+ access-control: ::0/0 allow
|
|
|
|
|
|
|
|
# if given, a chroot(2) is done to the given directory.
|
|
|
|
# i.e. you can chroot to the working directory, for example,
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -200,6 +215,7 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
# and the given username is assumed. Default is user "unbound".
|
|
|
|
# If you give "" no privileges are dropped.
|
|
|
|
# username: "@UNBOUND_USERNAME@"
|
|
|
|
+ username: ""
|
|
|
|
|
|
|
|
# the working directory. The relative files in this config are
|
|
|
|
# relative to this directory. If you give "" the working directory
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -222,10 +238,12 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
|
|
|
|
# the pid file. Can be an absolute path outside of chroot/work dir.
|
|
|
|
# pidfile: "@UNBOUND_PIDFILE@"
|
|
|
|
+ pidfile: "/var/run/unbound.pid"
|
|
|
|
|
|
|
|
# file to read root hints from.
|
|
|
|
# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
|
|
|
|
# root-hints: ""
|
|
|
|
+ root-hints: "/etc/unbound/named.cache"
|
|
|
|
|
|
|
|
# enable to not answer id.server and hostname.bind queries.
|
|
|
|
# hide-identity: no
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -248,12 +266,15 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
# positive value: fetch that many targets opportunistically.
|
|
|
|
# Enclose the list of numbers between quotes ("").
|
|
|
|
# target-fetch-policy: "3 2 1 0 0"
|
|
|
|
+ target-fetch-policy: "2 1 0 0 0 0"
|
|
|
|
|
|
|
|
# Harden against very small EDNS buffer sizes.
|
|
|
|
# harden-short-bufsize: no
|
|
|
|
+ harden-short-bufsize: yes
|
|
|
|
|
|
|
|
# Harden against unseemly large queries.
|
|
|
|
# harden-large-queries: no
|
|
|
|
+ harden-large-queries: yes
|
|
|
|
|
|
|
|
# Harden against out of zone rrsets, to avoid spoofing attempts.
|
|
|
|
# harden-glue: yes
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -334,7 +355,7 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
# you start unbound (i.e. in the system boot scripts). And enable:
|
|
|
|
# Please note usage of unbound-anchor root anchor is at your own risk
|
|
|
|
# and under the terms of our LICENSE (see that file in the source).
|
|
|
|
- # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
|
|
|
|
+ auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
|
|
|
|
|
|
|
|
# File with DLV trusted keys. Same format as trust-anchor-file.
|
|
|
|
# There can be only one DLV configured, it is trusted from root down.
|
2013-10-20 01:15:43 +00:00
|
|
|
@@ -420,15 +441,18 @@ server:
|
2011-07-13 05:35:48 +00:00
|
|
|
# the amount of memory to use for the key cache.
|
|
|
|
# plain value in bytes or you can append k, m or G. default is "4Mb".
|
|
|
|
# key-cache-size: 4m
|
|
|
|
+ key-cache-size: 100k
|
|
|
|
|
|
|
|
# the number of slabs to use for the key cache.
|
|
|
|
# the number of slabs must be a power of 2.
|
|
|
|
# more slabs reduce lock contention, but fragment memory usage.
|
|
|
|
# key-cache-slabs: 4
|
|
|
|
+ key-cache-slabs: 1
|
|
|
|
|
|
|
|
# the amount of memory to use for the negative cache (used for DLV).
|
|
|
|
# plain value in bytes or you can append k, m or G. default is "1Mb".
|
|
|
|
# neg-cache-size: 1m
|
|
|
|
+ neg-cache-size: 10k
|
|
|
|
|
2013-10-20 01:15:43 +00:00
|
|
|
# By default, for a number of zones a small default 'nothing here'
|
|
|
|
# reply is built-in. Query traffic is thus blocked. If you
|