bundlewrap/bundles/unbound/files/unbound.conf

54 lines
1.2 KiB
Text
Raw Normal View History

server:
# provided by pkg_apt:unbound-anchor
auto-trust-anchor-file: "/var/lib/unbound/root.key"
% if node.metadata.get('unbound/dns64', node.has_bundle('jool')):
2024-02-26 06:22:54 +00:00
module-config: "dns64 validator iterator"
% else:
module-config: "validator iterator"
% endif
verbosity: 0
statistics-interval: 60
extended-statistics: yes
statistics-cumulative: no
num-threads: ${threads}
% if node.has_bundle('nftables') and not node.has_bundle('vmhost'):
# Use nftables to manage access to this service
interface: 0.0.0.0
interface: ::0
access-control: 0.0.0.0/0 allow
access-control: ::/0 allow
% else:
interface: 127.0.0.1
interface: ::1
access-control: 127.0.0.1 allow
access-control: ::1 allow
% endif
2020-12-22 08:22:37 +00:00
msg-cache-size: ${cache_size}
msg-cache-slabs: ${cache_slabs}
rrset-cache-size: ${cache_size}
rrset-cache-slabs: ${cache_slabs}
cache-max-ttl: ${max_ttl}
cache-max-negative-ttl: 60
2020-12-22 08:24:10 +00:00
prefetch: yes
prefetch-key: yes
use-syslog: yes
log-queries: no
root-hints: "/etc/unbound/root-hints.txt"
tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
remote-control:
% if node.has_bundle('telegraf'):
control-enable: yes
% else:
control-enable: no
% endif