53 lines
1.2 KiB
Text
53 lines
1.2 KiB
Text
server:
|
|
# provided by pkg_apt:unbound-anchor
|
|
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
|
% if node.has_bundle('jool'):
|
|
module-config: "dns64 validator iterator"
|
|
% else:
|
|
module-config: "validator iterator"
|
|
% endif
|
|
|
|
verbosity: 0
|
|
|
|
statistics-interval: 60
|
|
extended-statistics: yes
|
|
statistics-cumulative: no
|
|
|
|
num-threads: ${threads}
|
|
|
|
% if node.has_bundle('nftables') and not node.has_bundle('vmhost'):
|
|
# Use nftables to manage access to this service
|
|
interface: 0.0.0.0
|
|
interface: ::0
|
|
access-control: 0.0.0.0/0 allow
|
|
access-control: ::/0 allow
|
|
% else:
|
|
interface: 127.0.0.1
|
|
interface: ::1
|
|
access-control: 127.0.0.1 allow
|
|
access-control: ::1 allow
|
|
% endif
|
|
|
|
msg-cache-size: ${cache_size}
|
|
msg-cache-slabs: ${cache_slabs}
|
|
rrset-cache-size: ${cache_size}
|
|
rrset-cache-slabs: ${cache_slabs}
|
|
cache-max-ttl: ${max_ttl}
|
|
cache-max-negative-ttl: 60
|
|
|
|
prefetch: yes
|
|
prefetch-key: yes
|
|
|
|
use-syslog: yes
|
|
log-queries: no
|
|
|
|
root-hints: "/etc/unbound/root-hints.txt"
|
|
|
|
tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
|
|
|
|
remote-control:
|
|
% if node.has_bundle('telegraf'):
|
|
control-enable: yes
|
|
% else:
|
|
control-enable: no
|
|
% endif
|