
001-conf.patch 5.6KB

  1. diff --git a/doc/example.conf.in b/doc/example.conf.in
  2. index 60ed5c8..abd85f9 100644
  3. --- a/doc/example.conf.in
  4. +++ b/doc/example.conf.in
  5. @@ -38,6 +38,8 @@ server:
  6. # interface: 192.0.2.154
  7. # interface: 192.0.2.154@5003
  8. # interface: 2001:DB8::5
  9. + interface: 0.0.0.0
  10. + interface: ::0
  11. # enable this feature to copy the source address of queries to reply.
  12. # Socket options are not supported on all platforms. experimental.
  13. @@ -57,6 +59,7 @@ server:
  14. # port range that can be open simultaneously. About double the
  15. # num-queries-per-thread, or, use as many as the OS will allow you.
  16. # outgoing-range: 4096
  17. + outgoing-range: 60
  18. # permit unbound to use this port number or port range for
  19. # making outgoing queries, using an outgoing interface.
  20. @@ -73,9 +76,11 @@ server:
  21. # number of outgoing simultaneous tcp buffers to hold per thread.
  22. # outgoing-num-tcp: 10
  23. + outgoing-num-tcp: 1
  24. # number of incoming simultaneous tcp buffers to hold per thread.
  25. # incoming-num-tcp: 10
  26. + incoming-num-tcp: 1
  27. # buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
  28. # 0 is system default. Use 4m to catch query spikes for busy servers.
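Review bot: `incoming-num-tcp: 1` leaves a single incoming TCP buffer per thread, so one slow or idle TCP client can occupy it while every other client that falls back to TCP (truncated UDP answers, large signed responses) has to wait or fails. This matters more because the same patch enables validation and, further down, allows queries from all sources. If memory is the constraint, a small value above one such as `incoming-num-tcp: 4` (constructed example) keeps most of the saving; whichever value is chosen, a comment should record the trade-off. `outgoing-num-tcp: 1` likewise serialises upstream TCP retries.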
  29. @@ -99,18 +104,22 @@ server:
  30. # buffer size for handling DNS data. No messages larger than this
  31. # size can be sent or received, by UDP or TCP. In bytes.
  32. # msg-buffer-size: 65552
  33. + msg-buffer-size: 8192
  34. # the amount of memory to use for the message cache.
  35. # plain value in bytes or you can append k, m or G. default is "4Mb".
  36. # msg-cache-size: 4m
  37. + msg-cache-size: 100k
  38. # the number of slabs to use for the message cache.
  39. # the number of slabs must be a power of 2.
  40. # more slabs reduce lock contention, but fragment memory usage.
  41. # msg-cache-slabs: 4
  42. + msg-cache-slabs: 1
  43. # the number of queries that a thread gets to service.
  44. # num-queries-per-thread: 1024
  45. + num-queries-per-thread: 30
  46. # if very busy, 50% queries run to completion, 50% get timeout in msec
  47. # jostle-timeout: 200
  48. @@ -121,11 +130,13 @@ server:
  49. # the amount of memory to use for the RRset cache.
  50. # plain value in bytes or you can append k, m or G. default is "4Mb".
  51. # rrset-cache-size: 4m
  52. + rrset-cache-size: 100k
  53. # the number of slabs to use for the RRset cache.
  54. # the number of slabs must be a power of 2.
  55. # more slabs reduce lock contention, but fragment memory usage.
  56. # rrset-cache-slabs: 4
  57. + rrset-cache-slabs: 1
  58. # the time to live (TTL) value lower bound, in seconds. Default 0.
  59. # If more than an hour could easily give trouble due to stale data.
  60. @@ -146,9 +157,11 @@ server:
  61. # the number of slabs must be a power of 2.
  62. # more slabs reduce lock contention, but fragment memory usage.
  63. # infra-cache-slabs: 4
  64. + infra-cache-slabs: 1
  65. # the maximum number of hosts that are cached (roundtrip, EDNS, lame).
  66. # infra-cache-numhosts: 10000
  67. + infra-cache-numhosts: 200
  68. # Enable IPv4, "yes" or "no".
  69. # do-ip4: yes
  70. @@ -181,6 +194,8 @@ server:
  71. # access-control: ::0/0 refuse
  72. # access-control: ::1 allow
  73. # access-control: ::ffff:127.0.0.1 allow
  74. + access-control: 0.0.0.0/0 allow
  75. + access-control: ::0/0 allow
  76. # if given, a chroot(2) is done to the given directory.
  77. # i.e. you can chroot to the working directory, for example,
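Review bot: The added `access-control: 0.0.0.0/0 allow` and `access-control: ::0/0 allow` permit recursion from every source, and the first hunk (`@@ -38,6 +38,8 @@`) binds the listener to `0.0.0.0` and `::0`, so the daemon is an open resolver on every reachable interface unless a firewall outside this file blocks port 53. Open resolvers get abused for reflection and amplification traffic, and they let outsiders probe and fill the deliberately small caches this patch configures. Allow only the networks the device actually serves, e.g. `access-control: <LAN_PREFIX> allow` (placeholder), leave everything else at the default refuse, and list only the inward-facing addresses under `interface:`.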
  78. @@ -211,6 +226,7 @@ server:
  79. # and the given username is assumed. Default is user "unbound".
  80. # If you give "" no privileges are dropped.
  81. # username: "@UNBOUND_USERNAME@"
  82. + username: ""
  83. # the working directory. The relative files in this config are
  84. # relative to this directory. If you give "" the working directory
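Review bot: `username: ""` keeps the daemon running as root for its whole lifetime; the context comment directly above states that an empty value means no privileges are dropped. A resolver parses untrusted network data, so a parsing flaw would then execute with full privileges, and a chroot, if one is in effect, gives little containment while the process stays root. Keep a dedicated account instead, either `username: "@UNBOUND_USERNAME@"` or a fixed unprivileged user created by the package, and make the pid file and trust-anchor file writable by that user.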
  85. @@ -233,10 +249,12 @@ server:
  86. # the pid file. Can be an absolute path outside of chroot/work dir.
  87. # pidfile: "@UNBOUND_PIDFILE@"
  88. + pidfile: "/var/run/unbound.pid"
  89. # file to read root hints from.
  90. # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
  91. # root-hints: ""
  92. + root-hints: "/etc/unbound/named.cache"
  93. # enable to not answer id.server and hostname.bind queries.
  94. # hide-identity: no
  95. @@ -259,12 +277,15 @@ server:
  96. # positive value: fetch that many targets opportunistically.
  97. # Enclose the list of numbers between quotes ("").
  98. # target-fetch-policy: "3 2 1 0 0"
  99. + target-fetch-policy: "2 1 0 0 0 0"
  100. # Harden against very small EDNS buffer sizes.
  101. # harden-short-bufsize: no
  102. + harden-short-bufsize: yes
  103. # Harden against unseemly large queries.
  104. # harden-large-queries: no
  105. + harden-large-queries: yes
  106. # Harden against out of zone rrsets, to avoid spoofing attempts.
  107. # harden-glue: yes
  108. @@ -345,7 +366,7 @@ server:
  109. # you start unbound (i.e. in the system boot scripts). And enable:
  110. # Please note usage of unbound-anchor root anchor is at your own risk
  111. # and under the terms of our LICENSE (see that file in the source).
  112. - # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
  113. + auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
  114. # File with DLV trusted keys. Same format as trust-anchor-file.
  115. # There can be only one DLV configured, it is trusted from root down.
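Review bot: Enabling `auto-trust-anchor-file` turns on DNSSEC validation, but the context comment above it says the anchor must be fetched with unbound-anchor before the daemon starts, and nothing in this patch shows that step. Confirm that the init script runs it and that the file is writable by the daemon, since the file is updated at runtime. Validation also needs a correct clock; if the target boots without one (inferred from the small memory settings, not shown here), lookups can fail until the time is set. The comment block this line belongs to starts outside the hunk.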
  116. @@ -431,15 +452,18 @@ server:
  117. # the amount of memory to use for the key cache.
  118. # plain value in bytes or you can append k, m or G. default is "4Mb".
  119. # key-cache-size: 4m
  120. + key-cache-size: 100k
  121. # the number of slabs to use for the key cache.
  122. # the number of slabs must be a power of 2.
  123. # more slabs reduce lock contention, but fragment memory usage.
  124. # key-cache-slabs: 4
  125. + key-cache-slabs: 1
  126. # the amount of memory to use for the negative cache (used for DLV).
  127. # plain value in bytes or you can append k, m or G. default is "1Mb".
  128. # neg-cache-size: 1m
  129. + neg-cache-size: 10k
  130. # By default, for a number of zones a small default 'nothing here'
  131. # reply is built-in. Query traffic is thus blocked. If you