packages/net/unbound/files/unbound.conf

server:
	verbosity: 1

	interface: ::0
	interface: 0.0.0.0

	# the amount of memory to use for the RRset cache.
	# plain value in bytes or you can append k, m or G. default is "4Mb". 
	rrset-cache-size: 1m

	# the number of slabs to use for the RRset cache.
	# the number of slabs must be a power of 2.
	# more slabs reduce lock contention, but fragment memory usage.
	rrset-cache-slabs: 2

	# control which clients are allowed to make (recursive) queries
	# to this server. Specify classless netblocks with /size and action.
	# By default everything is refused, except for localhost.
	# Choose deny (drop message), refuse (polite error reply),
	# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
	# access-control: 0.0.0.0/0 refuse
	# access-control: 127.0.0.0/8 allow
	# access-control: ::0/0 refuse
	# access-control: ::1 allow
	# access-control: ::ffff:127.0.0.1 allow
	access-control: 0.0.0.0/0 allow
	access-control: ::0/0 allow


	# if given, user privileges are dropped (after binding port),
	# and the given username is assumed. Default is user "unbound".
	# If you give "" no privileges are dropped.
	# username: "unbound"
	username: ""

	# the working directory. The relative files in this config are 
	# relative to this directory. If you give "" the working directory
	# is not changed.
	directory: "/etc/unbound"

	# the log file, "" means log to stderr. 
	# Use of this option sets use-syslog to "no".
	 logfile: ""

	# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to 
	# log to, with identity "unbound". If yes, it overrides the logfile.
	# use-syslog: yes 

	# print UTC timestamp in ascii to logfile, default is epoch in seconds.
	# log-time-ascii: no

	# the pid file. Can be an absolute path outside of chroot/work dir.
	pidfile: "/var/run/unbound.pid"

	# file to read root hints from.
	# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
	# root-hints: ""

	# File with DLV trusted keys. Same format as trust-anchor-file.
	# There can be only one DLV configured, it is trusted from root down.
	# Download http://ftp.isc.org/www/dlv/dlv.isc.org.key
	dlv-anchor-file: "dlv.isc.org.key"

	# File with trusted keys for validation. Specify more than one file
	# with several entries, one file per entry.
	# Zone file format, with DS and DNSKEY entries.
	# trust-anchor-file: ""
	trust-anchor-file: "anchors.mf"

	# File with trusted keys, kept uptodate using RFC5011 probes,
	# initial file like trust-anchor-file, then it stores metadata.
	# Use several entries, one per domain name, to track multiple zones.
	# auto-trust-anchor-file: ""


    # If you want to forward requests to another recursive DNS server
    # uncomment this. Please note that many DNS recursors do strip 
    # DNSSEC data, rendering unbound server unusable.
    # forward-zone:
    #   name: "."
    #	forward-addr: 8.8.8.8
    #	forward-addr: 8.8.4.4
[packages] add unbound (closes: #7022) git-svn-id: svn://svn.openwrt.org/openwrt/packages@20880 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-04-15 15:34:54 +00:00			`server:`
			`verbosity: 1`

			`interface: ::0`
			`interface: 0.0.0.0`

			`# the amount of memory to use for the RRset cache.`
			`# plain value in bytes or you can append k, m or G. default is "4Mb".`
			`rrset-cache-size: 1m`

			`# the number of slabs to use for the RRset cache.`
			`# the number of slabs must be a power of 2.`
			`# more slabs reduce lock contention, but fragment memory usage.`
			`rrset-cache-slabs: 2`

			`# control which clients are allowed to make (recursive) queries`
			`# to this server. Specify classless netblocks with /size and action.`
			`# By default everything is refused, except for localhost.`
			`# Choose deny (drop message), refuse (polite error reply),`
			`# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)`
			`# access-control: 0.0.0.0/0 refuse`
			`# access-control: 127.0.0.0/8 allow`
			`# access-control: ::0/0 refuse`
			`# access-control: ::1 allow`
			`# access-control: ::ffff:127.0.0.1 allow`
			`access-control: 0.0.0.0/0 allow`
			`access-control: ::0/0 allow`


			`# if given, user privileges are dropped (after binding port),`
			`# and the given username is assumed. Default is user "unbound".`
			`# If you give "" no privileges are dropped.`
			`# username: "unbound"`
			`username: ""`

			`# the working directory. The relative files in this config are`
			`# relative to this directory. If you give "" the working directory`
			`# is not changed.`
			`directory: "/etc/unbound"`

			`# the log file, "" means log to stderr.`
			`# Use of this option sets use-syslog to "no".`
			`logfile: ""`

			`# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to`
			`# log to, with identity "unbound". If yes, it overrides the logfile.`
			`# use-syslog: yes`

			`# print UTC timestamp in ascii to logfile, default is epoch in seconds.`
			`# log-time-ascii: no`

			`# the pid file. Can be an absolute path outside of chroot/work dir.`
			`pidfile: "/var/run/unbound.pid"`

			`# file to read root hints from.`
			`# get one from ftp://FTP.INTERNIC.NET/domain/named.cache`
			`# root-hints: ""`

			`# File with DLV trusted keys. Same format as trust-anchor-file.`
			`# There can be only one DLV configured, it is trusted from root down.`
			`# Download http://ftp.isc.org/www/dlv/dlv.isc.org.key`
			`dlv-anchor-file: "dlv.isc.org.key"`

			`# File with trusted keys for validation. Specify more than one file`
			`# with several entries, one file per entry.`
			`# Zone file format, with DS and DNSKEY entries.`
			`# trust-anchor-file: ""`
			`trust-anchor-file: "anchors.mf"`

			`# File with trusted keys, kept uptodate using RFC5011 probes,`
			`# initial file like trust-anchor-file, then it stores metadata.`
			`# Use several entries, one per domain name, to track multiple zones.`
			`# auto-trust-anchor-file: ""`


			`# If you want to forward requests to another recursive DNS server`
			`# uncomment this. Please note that many DNS recursors do strip`
			`# DNSSEC data, rendering unbound server unusable.`
			`# forward-zone:`
			`# name: "."`
			`# forward-addr: 8.8.8.8`
			`# forward-addr: 8.8.4.4`