You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.1 KiB
46 lines
1.1 KiB
# $OpenBSD: unbound.conf,v 1.8 2018/03/29 20:40:22 florian Exp $
|
|
|
|
server:
|
|
interface: 127.0.0.1@5353 # listen on alternative port
|
|
interface: ::1@5353
|
|
|
|
access-control: 0.0.0.0/0 allow
|
|
access-control: 127.0.0.0/8 allow
|
|
access-control: ::0/0 refuse
|
|
access-control: ::1 allow
|
|
|
|
hide-identity: yes
|
|
hide-version: yes
|
|
|
|
auto-trust-anchor-file: "/var/unbound/db/root.key"
|
|
{% for zone in dns_zones %}
|
|
domain-insecure: "{{ zone.name }}"
|
|
{% endfor %}
|
|
|
|
remote-control:
|
|
control-enable: yes
|
|
control-use-cert: no
|
|
control-interface: /var/run/unbound.sock
|
|
|
|
|
|
{% for zone in dns_zones %}
|
|
stub-zone:
|
|
name: "{{ zone.name }}"
|
|
stub-addr: "{{ dns_server_public_ip }}"
|
|
{% endfor %}
|
|
|
|
stub-zone:
|
|
name: "10.in-addr.arpa"
|
|
stub-addr: "{{ dns_server_public_ip }}"
|
|
stub-zone:
|
|
name: "168.192.in-addr.arpa"
|
|
stub-addr: "{{ dns_server_public_ip }}"
|
|
|
|
forward-zone:
|
|
name: "." # use for ALL queries
|
|
forward-addr: 74.82.42.42 # he.net
|
|
forward-addr: 2001:470:20::2 # he.net v6
|
|
forward-addr: 8.8.8.8 # google.com
|
|
forward-addr: 2001:4860:4860::8888 # google.com v6
|
|
forward-addr: 208.67.222.222 # opendns.com
|
|
forward-first: yes # try direct if forwarder fails
|
|
|