packages/net/unbound/files/unbound.conf

server:
	verbosity: 1

	interface: ::0
	interface: 0.0.0.0

	# the amount of memory to use for the RRset cache.
	# plain value in bytes or you can append k, m or G. default is "4Mb". 
	rrset-cache-size: 1m

	# the number of slabs to use for the RRset cache.
	# the number of slabs must be a power of 2.
	# more slabs reduce lock contention, but fragment memory usage.
	rrset-cache-slabs: 2

	# control which clients are allowed to make (recursive) queries
	# to this server. Specify classless netblocks with /size and action.
	# By default everything is refused, except for localhost.
	# Choose deny (drop message), refuse (polite error reply),
	# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
	# access-control: 0.0.0.0/0 refuse
	# access-control: 127.0.0.0/8 allow
	# access-control: ::0/0 refuse
	# access-control: ::1 allow
	# access-control: ::ffff:127.0.0.1 allow
	access-control: 0.0.0.0/0 allow
	access-control: ::0/0 allow


	# if given, user privileges are dropped (after binding port),
	# and the given username is assumed. Default is user "unbound".
	# If you give "" no privileges are dropped.
	# username: "unbound"
	username: ""

	# the working directory. The relative files in this config are 
	# relative to this directory. If you give "" the working directory
	# is not changed.
	directory: "/etc/unbound"

	# the log file, "" means log to stderr. 
	# Use of this option sets use-syslog to "no".
	# logfile: ""

	# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to 
	# log to, with identity "unbound". If yes, it overrides the logfile.
	use-syslog: yes 

	# print UTC timestamp in ascii to logfile, default is epoch in seconds.
	# log-time-ascii: no

	# the pid file. Can be an absolute path outside of chroot/work dir.
	pidfile: "/var/run/unbound.pid"

	# file to read root hints from.
	# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
	root-hints: "named.cache"
	
	
	# Root zone trust anchor key
	# Will be autoupdated by unbound in case of key change
	auto-trust-anchor-file: "root.autokey"

	# If you want to also do DLV validation (RFC5074),
	# download http://ftp.isc.org/www/dlv/dlv.isc.org.key
	# and uncomment following line:
	#dlv-anchor-file: "dlv.isc.org.key"

	# You can also do ITAR validation (https://itar.iana.org)
	# To download and update anchors.mf file, use update-itar.sh
	# from page http://www.unbound.net/documentation/howto_itar.html
	#trust-anchor-file: "anchors.mf"


    # If you want to forward requests to another recursive DNS server
    # uncomment this. Please note that many DNS recursors do strip 
    # DNSSEC data, rendering unbound server unusable.
    # forward-zone:
    #   name: "."
    #	forward-addr: 8.8.8.8
    #	forward-addr: 8.8.4.4
[packages] add unbound (closes: #7022) git-svn-id: svn://svn.openwrt.org/openwrt/packages@20880 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-04-15 15:34:54 +00:00			`server:`
			`verbosity: 1`

			`interface: ::0`
			`interface: 0.0.0.0`

			`# the amount of memory to use for the RRset cache.`
			`# plain value in bytes or you can append k, m or G. default is "4Mb".`
			`rrset-cache-size: 1m`

			`# the number of slabs to use for the RRset cache.`
			`# the number of slabs must be a power of 2.`
			`# more slabs reduce lock contention, but fragment memory usage.`
			`rrset-cache-slabs: 2`

			`# control which clients are allowed to make (recursive) queries`
			`# to this server. Specify classless netblocks with /size and action.`
			`# By default everything is refused, except for localhost.`
			`# Choose deny (drop message), refuse (polite error reply),`
			`# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)`
			`# access-control: 0.0.0.0/0 refuse`
			`# access-control: 127.0.0.0/8 allow`
			`# access-control: ::0/0 refuse`
			`# access-control: ::1 allow`
			`# access-control: ::ffff:127.0.0.1 allow`
			`access-control: 0.0.0.0/0 allow`
			`access-control: ::0/0 allow`


			`# if given, user privileges are dropped (after binding port),`
			`# and the given username is assumed. Default is user "unbound".`
			`# If you give "" no privileges are dropped.`
			`# username: "unbound"`
			`username: ""`

			`# the working directory. The relative files in this config are`
			`# relative to this directory. If you give "" the working directory`
			`# is not changed.`
			`directory: "/etc/unbound"`

			`# the log file, "" means log to stderr.`
			`# Use of this option sets use-syslog to "no".`
[packages] unbound: update configuration files (closes: #7633), bump release number git-svn-id: svn://svn.openwrt.org/openwrt/packages@22250 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-07-17 13:29:33 +00:00			`# logfile: ""`
[packages] add unbound (closes: #7022) git-svn-id: svn://svn.openwrt.org/openwrt/packages@20880 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-04-15 15:34:54 +00:00
			`# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to`
			`# log to, with identity "unbound". If yes, it overrides the logfile.`
[packages] unbound: update configuration files (closes: #7633), bump release number git-svn-id: svn://svn.openwrt.org/openwrt/packages@22250 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-07-17 13:29:33 +00:00			`use-syslog: yes`
[packages] add unbound (closes: #7022) git-svn-id: svn://svn.openwrt.org/openwrt/packages@20880 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-04-15 15:34:54 +00:00
			`# print UTC timestamp in ascii to logfile, default is epoch in seconds.`
			`# log-time-ascii: no`

			`# the pid file. Can be an absolute path outside of chroot/work dir.`
			`pidfile: "/var/run/unbound.pid"`

			`# file to read root hints from.`
			`# get one from ftp://FTP.INTERNIC.NET/domain/named.cache`
[packages] unbound: update configuration files (closes: #7633), bump release number git-svn-id: svn://svn.openwrt.org/openwrt/packages@22250 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-07-17 13:29:33 +00:00			`root-hints: "named.cache"`


			`# Root zone trust anchor key`
			`# Will be autoupdated by unbound in case of key change`
			`auto-trust-anchor-file: "root.autokey"`

			`# If you want to also do DLV validation (RFC5074),`
			`# download http://ftp.isc.org/www/dlv/dlv.isc.org.key`
			`# and uncomment following line:`
			`#dlv-anchor-file: "dlv.isc.org.key"`

			`# You can also do ITAR validation (https://itar.iana.org)`
			`# To download and update anchors.mf file, use update-itar.sh`
			`# from page http://www.unbound.net/documentation/howto_itar.html`
			`#trust-anchor-file: "anchors.mf"`
[packages] add unbound (closes: #7022) git-svn-id: svn://svn.openwrt.org/openwrt/packages@20880 3c298f89-4303-0410-b956-a3cf2f4a3e73 2010-04-15 15:34:54 +00:00

			`# If you want to forward requests to another recursive DNS server`
			`# uncomment this. Please note that many DNS recursors do strip`
			`# DNSSEC data, rendering unbound server unusable.`
			`# forward-zone:`
			`# name: "."`
			`# forward-addr: 8.8.8.8`
			`# forward-addr: 8.8.4.4`