|
@@ -1,5 +1,5 @@
|
1
|
1
|
diff --git a/doc/example.conf.in b/doc/example.conf.in
|
2
|
|
-index 60ed5c8..abd85f9 100644
|
|
2
|
+index ff90e3b..5c20fdf 100644
|
3
|
3
|
--- a/doc/example.conf.in
|
4
|
4
|
+++ b/doc/example.conf.in
|
5
|
5
|
@@ -38,6 +38,8 @@ server:
|
|
@@ -10,7 +10,7 @@ index 60ed5c8..abd85f9 100644
|
10
|
10
|
+ interface: ::0
|
11
|
11
|
|
12
|
12
|
# enable this feature to copy the source address of queries to reply.
|
13
|
|
- # Socket options are not supported on all platforms. experimental.
|
|
13
|
+ # Socket options are not supported on all platforms. experimental.
|
14
|
14
|
@@ -57,6 +59,7 @@ server:
|
15
|
15
|
# port range that can be open simultaneously. About double the
|
16
|
16
|
# num-queries-per-thread, or, use as many as the OS will allow you.
|
|
@@ -31,14 +31,14 @@ index 60ed5c8..abd85f9 100644
|
31
|
31
|
|
32
|
32
|
# buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
|
33
|
33
|
# 0 is system default. Use 4m to catch query spikes for busy servers.
|
34
|
|
-@@ -99,18 +104,22 @@ server:
|
|
34
|
+@@ -103,18 +108,22 @@ server:
|
35
|
35
|
# buffer size for handling DNS data. No messages larger than this
|
36
|
36
|
# size can be sent or received, by UDP or TCP. In bytes.
|
37
|
37
|
# msg-buffer-size: 65552
|
38
|
38
|
+ msg-buffer-size: 8192
|
39
|
39
|
|
40
|
40
|
# the amount of memory to use for the message cache.
|
41
|
|
- # plain value in bytes or you can append k, m or G. default is "4Mb".
|
|
41
|
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
|
42
|
42
|
# msg-cache-size: 4m
|
43
|
43
|
+ msg-cache-size: 100k
|
44
|
44
|
|
|
@@ -54,9 +54,9 @@ index 60ed5c8..abd85f9 100644
|
54
|
54
|
|
55
|
55
|
# if very busy, 50% queries run to completion, 50% get timeout in msec
|
56
|
56
|
# jostle-timeout: 200
|
57
|
|
-@@ -121,11 +130,13 @@ server:
|
|
57
|
+@@ -125,11 +134,13 @@ server:
|
58
|
58
|
# the amount of memory to use for the RRset cache.
|
59
|
|
- # plain value in bytes or you can append k, m or G. default is "4Mb".
|
|
59
|
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
|
60
|
60
|
# rrset-cache-size: 4m
|
61
|
61
|
+ rrset-cache-size: 100k
|
62
|
62
|
|
|
@@ -68,7 +68,7 @@ index 60ed5c8..abd85f9 100644
|
68
|
68
|
|
69
|
69
|
# the time to live (TTL) value lower bound, in seconds. Default 0.
|
70
|
70
|
# If more than an hour could easily give trouble due to stale data.
|
71
|
|
-@@ -146,9 +157,11 @@ server:
|
|
71
|
+@@ -153,9 +164,11 @@ server:
|
72
|
72
|
# the number of slabs must be a power of 2.
|
73
|
73
|
# more slabs reduce lock contention, but fragment memory usage.
|
74
|
74
|
# infra-cache-slabs: 4
|
|
@@ -80,7 +80,7 @@ index 60ed5c8..abd85f9 100644
|
80
|
80
|
|
81
|
81
|
# Enable IPv4, "yes" or "no".
|
82
|
82
|
# do-ip4: yes
|
83
|
|
-@@ -181,6 +194,8 @@ server:
|
|
83
|
+@@ -188,6 +201,8 @@ server:
|
84
|
84
|
# access-control: ::0/0 refuse
|
85
|
85
|
# access-control: ::1 allow
|
86
|
86
|
# access-control: ::ffff:127.0.0.1 allow
|
|
@@ -89,34 +89,34 @@ index 60ed5c8..abd85f9 100644
|
89
|
89
|
|
90
|
90
|
# if given, a chroot(2) is done to the given directory.
|
91
|
91
|
# i.e. you can chroot to the working directory, for example,
|
92
|
|
-@@ -211,6 +226,7 @@ server:
|
|
92
|
+@@ -218,6 +233,7 @@ server:
|
93
|
93
|
# and the given username is assumed. Default is user "unbound".
|
94
|
94
|
# If you give "" no privileges are dropped.
|
95
|
95
|
# username: "@UNBOUND_USERNAME@"
|
96
|
96
|
+ username: ""
|
97
|
97
|
|
98
|
|
- # the working directory. The relative files in this config are
|
|
98
|
+ # the working directory. The relative files in this config are
|
99
|
99
|
# relative to this directory. If you give "" the working directory
|
100
|
|
-@@ -233,10 +249,12 @@ server:
|
|
100
|
+@@ -240,10 +256,12 @@ server:
|
101
|
101
|
|
102
|
102
|
# the pid file. Can be an absolute path outside of chroot/work dir.
|
103
|
103
|
# pidfile: "@UNBOUND_PIDFILE@"
|
104
|
104
|
+ pidfile: "/var/run/unbound.pid"
|
105
|
105
|
|
106
|
106
|
# file to read root hints from.
|
107
|
|
- # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
|
|
107
|
+ # get one from https://www.internic.net/domain/named.cache
|
108
|
108
|
# root-hints: ""
|
109
|
109
|
+ root-hints: "/etc/unbound/named.cache"
|
110
|
110
|
|
111
|
111
|
# enable to not answer id.server and hostname.bind queries.
|
112
|
112
|
# hide-identity: no
|
113
|
|
-@@ -259,12 +277,15 @@ server:
|
|
113
|
+@@ -266,12 +284,15 @@ server:
|
114
|
114
|
# positive value: fetch that many targets opportunistically.
|
115
|
115
|
# Enclose the list of numbers between quotes ("").
|
116
|
116
|
# target-fetch-policy: "3 2 1 0 0"
|
117
|
117
|
+ target-fetch-policy: "2 1 0 0 0 0"
|
118
|
118
|
|
119
|
|
- # Harden against very small EDNS buffer sizes.
|
|
119
|
+ # Harden against very small EDNS buffer sizes.
|
120
|
120
|
# harden-short-bufsize: no
|
121
|
121
|
+ harden-short-bufsize: yes
|
122
|
122
|
|
|
@@ -124,9 +124,9 @@ index 60ed5c8..abd85f9 100644
|
124
|
124
|
# harden-large-queries: no
|
125
|
125
|
+ harden-large-queries: yes
|
126
|
126
|
|
127
|
|
- # Harden against out of zone rrsets, to avoid spoofing attempts.
|
|
127
|
+ # Harden against out of zone rrsets, to avoid spoofing attempts.
|
128
|
128
|
# harden-glue: yes
|
129
|
|
-@@ -345,7 +366,7 @@ server:
|
|
129
|
+@@ -367,7 +388,7 @@ server:
|
130
|
130
|
# you start unbound (i.e. in the system boot scripts). And enable:
|
131
|
131
|
# Please note usage of unbound-anchor root anchor is at your own risk
|
132
|
132
|
# and under the terms of our LICENSE (see that file in the source).
|
|
@@ -135,9 +135,9 @@ index 60ed5c8..abd85f9 100644
|
135
|
135
|
|
136
|
136
|
# File with DLV trusted keys. Same format as trust-anchor-file.
|
137
|
137
|
# There can be only one DLV configured, it is trusted from root down.
|
138
|
|
-@@ -431,15 +452,18 @@ server:
|
|
138
|
+@@ -456,15 +477,18 @@ server:
|
139
|
139
|
# the amount of memory to use for the key cache.
|
140
|
|
- # plain value in bytes or you can append k, m or G. default is "4Mb".
|
|
140
|
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
|
141
|
141
|
# key-cache-size: 4m
|
142
|
142
|
+ key-cache-size: 100k
|
143
|
143
|
|
|
@@ -148,7 +148,7 @@ index 60ed5c8..abd85f9 100644
|
148
|
148
|
+ key-cache-slabs: 1
|
149
|
149
|
|
150
|
150
|
# the amount of memory to use for the negative cache (used for DLV).
|
151
|
|
- # plain value in bytes or you can append k, m or G. default is "1Mb".
|
|
151
|
+ # plain value in bytes or you can append k, m or G. default is "1Mb".
|
152
|
152
|
# neg-cache-size: 1m
|
153
|
153
|
+ neg-cache-size: 10k
|
154
|
154
|
|