--- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -38,6 +38,8 @@ server: # interface: 192.0.2.154 # interface: 192.0.2.154@5003 # interface: 2001:DB8::5 + interface: 0.0.0.0 + interface: ::0 # enable this feature to copy the source address of queries to reply. # Socket options are not supported on all platforms. experimental. @@ -57,6 +59,7 @@ server: # port range that can be open simultaneously. About double the # num-queries-per-thread, or, use as many as the OS will allow you. # outgoing-range: 4096 + outgoing-range: 60 # permit unbound to use this port number or port range for # making outgoing queries, using an outgoing interface. @@ -71,9 +74,11 @@ server: # number of outgoing simultaneous tcp buffers to hold per thread. # outgoing-num-tcp: 10 + outgoing-num-tcp: 1 # number of incoming simultaneous tcp buffers to hold per thread. # incoming-num-tcp: 10 + incoming-num-tcp: 1 # buffer size for UDP port 53 incoming (SO_RCVBUF socket option). # 0 is system default. Use 4m to catch query spikes for busy servers. @@ -90,18 +95,22 @@ server: # buffer size for handling DNS data. No messages larger than this # size can be sent or received, by UDP or TCP. In bytes. # msg-buffer-size: 65552 + msg-buffer-size: 8192 # the amount of memory to use for the message cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # msg-cache-size: 4m + msg-cache-size: 100k # the number of slabs to use for the message cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # msg-cache-slabs: 4 + msg-cache-slabs: 1 # the number of queries that a thread gets to service. # num-queries-per-thread: 1024 + num-queries-per-thread: 30 # if very busy, 50% queries run to completion, 50% get timeout in msec # jostle-timeout: 200 @@ -109,11 +118,13 @@ server: # the amount of memory to use for the RRset cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # rrset-cache-size: 4m + rrset-cache-size: 100k # the number of slabs to use for the RRset cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # rrset-cache-slabs: 4 + rrset-cache-slabs: 1 # the time to live (TTL) value lower bound, in seconds. Default 0. # If more than an hour could easily give trouble due to stale data. @@ -134,12 +145,15 @@ server: # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # infra-cache-slabs: 4 + infra-cache-slabs: 1 # the maximum number of hosts that are cached (roundtrip times, EDNS). # infra-cache-numhosts: 10000 + infra-cache-numhosts: 200 # the maximum size of the lame zones cached per host. in bytes. # infra-cache-lame-size: 10k + infra-cache-lame-size: 1k # Enable IPv4, "yes" or "no". # do-ip4: yes @@ -166,6 +180,8 @@ server: # access-control: ::0/0 refuse # access-control: ::1 allow # access-control: ::ffff:127.0.0.1 allow + access-control: 0.0.0.0/0 allow + access-control: ::0/0 allow # if given, a chroot(2) is done to the given directory. # i.e. you can chroot to the working directory, for example, @@ -196,6 +212,7 @@ server: # and the given username is assumed. Default is user "unbound". # If you give "" no privileges are dropped. # username: "@UNBOUND_USERNAME@" + username: "" # the working directory. The relative files in this config are # relative to this directory. If you give "" the working directory @@ -218,10 +235,12 @@ server: # the pid file. Can be an absolute path outside of chroot/work dir. # pidfile: "@UNBOUND_PIDFILE@" + pidfile: "/var/run/unbound.pid" # file to read root hints from. # get one from ftp://FTP.INTERNIC.NET/domain/named.cache # root-hints: "" + root-hints: "/etc/unbound/named.cache" # enable to not answer id.server and hostname.bind queries. # hide-identity: no @@ -244,12 +263,15 @@ server: # positive value: fetch that many targets opportunistically. # Enclose the list of numbers between quotes (""). # target-fetch-policy: "3 2 1 0 0" + target-fetch-policy: "2 1 0 0 0 0" # Harden against very small EDNS buffer sizes. # harden-short-bufsize: no + harden-short-bufsize: yes # Harden against unseemly large queries. # harden-large-queries: no + harden-large-queries: yes # Harden against out of zone rrsets, to avoid spoofing attempts. # harden-glue: yes @@ -323,7 +345,7 @@ server: # you start unbound (i.e. in the system boot scripts). And enable: # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). - # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" + auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. @@ -409,15 +431,18 @@ server: # the amount of memory to use for the key cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m + key-cache-size: 100k # the number of slabs to use for the key cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # key-cache-slabs: 4 + key-cache-slabs: 1 # the amount of memory to use for the negative cache (used for DLV). # plain value in bytes or you can append k, m or G. default is "1Mb". # neg-cache-size: 1m + neg-cache-size: 10k # a number of locally served zones can be configured. # local-zone: