123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 |
- --- a/doc/example.conf.in
- +++ b/doc/example.conf.in
- @@ -38,6 +38,8 @@ server:
- # interface: 192.0.2.154
- # interface: 192.0.2.154@5003
- # interface: 2001:DB8::5
- + interface: 0.0.0.0
- + interface: ::0
-
- # enable this feature to copy the source address of queries to reply.
- # Socket options are not supported on all platforms. experimental.
- @@ -57,6 +59,7 @@ server:
- # port range that can be open simultaneously. About double the
- # num-queries-per-thread, or, use as many as the OS will allow you.
- # outgoing-range: 4096
- + outgoing-range: 60
-
- # permit unbound to use this port number or port range for
- # making outgoing queries, using an outgoing interface.
- @@ -73,9 +76,11 @@ server:
-
- # number of outgoing simultaneous tcp buffers to hold per thread.
- # outgoing-num-tcp: 10
- + outgoing-num-tcp: 1
-
- # number of incoming simultaneous tcp buffers to hold per thread.
- # incoming-num-tcp: 10
- + incoming-num-tcp: 1
-
- # buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
- # 0 is system default. Use 4m to catch query spikes for busy servers.
- @@ -99,18 +104,22 @@ server:
- # buffer size for handling DNS data. No messages larger than this
- # size can be sent or received, by UDP or TCP. In bytes.
- # msg-buffer-size: 65552
- + msg-buffer-size: 8192
-
- # the amount of memory to use for the message cache.
- # plain value in bytes or you can append k, m or G. default is "4Mb".
- # msg-cache-size: 4m
- + msg-cache-size: 100k
-
- # the number of slabs to use for the message cache.
- # the number of slabs must be a power of 2.
- # more slabs reduce lock contention, but fragment memory usage.
- # msg-cache-slabs: 4
- + msg-cache-slabs: 1
-
- # the number of queries that a thread gets to service.
- # num-queries-per-thread: 1024
- + num-queries-per-thread: 30
-
- # if very busy, 50% queries run to completion, 50% get timeout in msec
- # jostle-timeout: 200
- @@ -121,11 +130,13 @@ server:
- # the amount of memory to use for the RRset cache.
- # plain value in bytes or you can append k, m or G. default is "4Mb".
- # rrset-cache-size: 4m
- + rrset-cache-size: 100k
-
- # the number of slabs to use for the RRset cache.
- # the number of slabs must be a power of 2.
- # more slabs reduce lock contention, but fragment memory usage.
- # rrset-cache-slabs: 4
- + rrset-cache-slabs: 1
-
- # the time to live (TTL) value lower bound, in seconds. Default 0.
- # If more than an hour could easily give trouble due to stale data.
- @@ -143,9 +154,11 @@ server:
- # the number of slabs must be a power of 2.
- # more slabs reduce lock contention, but fragment memory usage.
- # infra-cache-slabs: 4
- + infra-cache-slabs: 1
-
- # the maximum number of hosts that are cached (roundtrip, EDNS, lame).
- # infra-cache-numhosts: 10000
- + infra-cache-numhosts: 200
-
- # Enable IPv4, "yes" or "no".
- # do-ip4: yes
- @@ -178,6 +191,8 @@ server:
- # access-control: ::0/0 refuse
- # access-control: ::1 allow
- # access-control: ::ffff:127.0.0.1 allow
- + access-control: 0.0.0.0/0 allow
- + access-control: ::0/0 allow
-
- # if given, a chroot(2) is done to the given directory.
- # i.e. you can chroot to the working directory, for example,
- @@ -208,6 +223,7 @@ server:
- # and the given username is assumed. Default is user "unbound".
- # If you give "" no privileges are dropped.
- # username: "@UNBOUND_USERNAME@"
- + username: ""
-
- # the working directory. The relative files in this config are
- # relative to this directory. If you give "" the working directory
- @@ -230,10 +246,12 @@ server:
-
- # the pid file. Can be an absolute path outside of chroot/work dir.
- # pidfile: "@UNBOUND_PIDFILE@"
- + pidfile: "/var/run/unbound.pid"
-
- # file to read root hints from.
- # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
- # root-hints: ""
- + root-hints: "/etc/unbound/named.cache"
-
- # enable to not answer id.server and hostname.bind queries.
- # hide-identity: no
- @@ -256,12 +274,15 @@ server:
- # positive value: fetch that many targets opportunistically.
- # Enclose the list of numbers between quotes ("").
- # target-fetch-policy: "3 2 1 0 0"
- + target-fetch-policy: "2 1 0 0 0 0"
-
- # Harden against very small EDNS buffer sizes.
- # harden-short-bufsize: no
- + harden-short-bufsize: yes
-
- # Harden against unseemly large queries.
- # harden-large-queries: no
- + harden-large-queries: yes
-
- # Harden against out of zone rrsets, to avoid spoofing attempts.
- # harden-glue: yes
- @@ -342,7 +363,7 @@ server:
- # you start unbound (i.e. in the system boot scripts). And enable:
- # Please note usage of unbound-anchor root anchor is at your own risk
- # and under the terms of our LICENSE (see that file in the source).
- - # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
- + auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
-
- # File with DLV trusted keys. Same format as trust-anchor-file.
- # There can be only one DLV configured, it is trusted from root down.
- @@ -428,15 +449,18 @@ server:
- # the amount of memory to use for the key cache.
- # plain value in bytes or you can append k, m or G. default is "4Mb".
- # key-cache-size: 4m
- + key-cache-size: 100k
-
- # the number of slabs to use for the key cache.
- # the number of slabs must be a power of 2.
- # more slabs reduce lock contention, but fragment memory usage.
- # key-cache-slabs: 4
- + key-cache-slabs: 1
-
- # the amount of memory to use for the negative cache (used for DLV).
- # plain value in bytes or you can append k, m or G. default is "1Mb".
- # neg-cache-size: 1m
- + neg-cache-size: 10k
-
- # By default, for a number of zones a small default 'nothing here'
- # reply is built-in. Query traffic is thus blocked. If you
|