From 77b0d062191bc37e53d3b0bf47b55403c59b60e0 Mon Sep 17 00:00:00 2001
From: till
Date: Fri, 29 Mar 2024 21:12:03 +0100
Subject: [PATCH] Chore(unbound): config - split config file - turn off dnssec related
---
 .../rootfs/etc/unbound/forward-zone.conf | 4 ++
 .../unbound/rootfs/etc/unbound/server.conf | 39 +++++++++++++++++
 .../unbound/rootfs/etc/unbound/unbound.conf | 42 +------------------
 3 files changed, 45 insertions(+), 40 deletions(-)
 create mode 100644 .docker/unbound/rootfs/etc/unbound/forward-zone.conf
 create mode 100644 .docker/unbound/rootfs/etc/unbound/server.conf
diff --git a/.docker/unbound/rootfs/etc/unbound/forward-zone.conf b/.docker/unbound/rootfs/etc/unbound/forward-zone.conf
new file mode 100644
index 0000000..dfeaa41
--- /dev/null
+++ b/.docker/unbound/rootfs/etc/unbound/forward-zone.conf
@@ -0,0 +1,4 @@
+forward-zone:
+ name: "."
+ forward-addr: 9.9.9.9
+ forward-addr: 149.112.112.112
diff --git a/.docker/unbound/rootfs/etc/unbound/server.conf b/.docker/unbound/rootfs/etc/unbound/server.conf
new file mode 100644
index 0000000..9a96e71
--- /dev/null
+++ b/.docker/unbound/rootfs/etc/unbound/server.conf
@@ -0,0 +1,39 @@
+server:
+ username: ""
+ chroot: ""
+ port: 5353
+ verbosity: 1
+ interface: 0.0.0.0@5353
+ do-ip4: yes
+ do-ip6: no
+ do-udp: yes
+ do-tcp: no
+ prefer-ip4: yes
+ prefer-ip6: no
+ do-daemonize: no
+ access-control: 0.0.0.0/0 allow
+ logfile: ""
+ use-syslog: no
+ log-queries: yes
+ hide-identity: yes
+ hide-version: yes
+ harden-glue: yes
+ harden-dnssec-stripped: yes
+ use-caps-for-id: yes
+ cache-min-ttl: 3600
+ cache-max-ttl: 86400
+ prefetch: yes
+ num-threads: 4
+ msg-cache-slabs: 8
+ rrset-cache-slabs: 8
+ infra-cache-slabs: 8
+ key-cache-slabs: 8
+ rrset-cache-size: 256m
+ msg-cache-size: 128m
+ so-rcvbuf: 1m
+ private-address: 192.168.1.0/16
+ unwanted-reply-threshold: 10000
+ do-not-query-localhost: no
+ val-clean-additional: yes
+ val-permissive-mode: yes
+ module-config: "iterator"
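Review bot: The two `forward-addr` lines send every query to the upstream resolver in cleartext, and since server.conf in this same patch sets `module-config: "iterator"`, nothing on this side validates the answers that come back. If local DNSSEC validation stays off, the forwarding path is the only place left to get integrity, so I would switch it to DNS over TLS with `forward-tls-upstream: yes` and `forward-addr: 9.9.9.9@853#dns.quad9.net` (likewise for the second address). That also needs `do-tcp: yes` and a `tls-cert-bundle:` in server.conf, because `do-tcp: no` as configured there rules out any TCP or TLS upstream.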
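Review bot: `username: ""` together with `chroot: ""` switches off both the privilege drop and the chroot, where the removed block in unbound.conf had `username: unbound`; the daemon now keeps whatever identity the container starts with while listening on `0.0.0.0@5353` with `access-control: 0.0.0.0/0 allow`. Port 5353 needs no root to bind, so I would keep `username: "unbound"`, or, if the image already runs as a non-root user (not visible in this patch), say so in a comment above these two lines. Separately, with `module-config: "iterator"` the validator module is not loaded, so `harden-dnssec-stripped`, `val-clean-additional` and `val-permissive-mode` no longer have any effect and read as protections that are not there; drop them or mark them as inert.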
diff --git a/.docker/unbound/rootfs/etc/unbound/unbound.conf b/.docker/unbound/rootfs/etc/unbound/unbound.conf
index 3359ee3..7a3a667 100644
--- a/.docker/unbound/rootfs/etc/unbound/unbound.conf
+++ b/.docker/unbound/rootfs/etc/unbound/unbound.conf
@@ -1,41 +1,3 @@
-server:
- username: unbound
- port: 5353
- verbosity: 1
- interface: 0.0.0.0@5353
- do-ip4: yes
- do-ip6: no
- do-udp: yes
- do-tcp: no
- prefer-ip4: yes
- prefer-ip6: no
- do-daemonize: no
- access-control: 0.0.0.0/0 allow
- logfile: ""
- use-syslog: no
- log-queries: yes
- hide-identity: yes
- hide-version: yes
- harden-glue: yes
- harden-dnssec-stripped: yes
- use-caps-for-id: yes
- cache-min-ttl: 3600
- cache-max-ttl: 86400
- prefetch: yes
- num-threads: 4
- msg-cache-slabs: 8
- rrset-cache-slabs: 8
- infra-cache-slabs: 8
- key-cache-slabs: 8
- rrset-cache-size: 256m
- msg-cache-size: 128m
- so-rcvbuf: 1m
- private-address: 192.168.1.0/16
- unwanted-reply-threshold: 10000
- do-not-query-localhost: no
- val-clean-additional: yes
+include: "/etc/unbound/server.conf"
 root-hints: "/etc/unbound/root.hints"
-forward-zone:
- name: "."
- forward-addr: 9.9.9.9
- forward-addr: 149.112.112.112
+include: "/etc/unbound/forward-zone.conf"
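Review bot: `root-hints:` is a `server:` option, and after this change it is parsed as one only because it directly follows `include: "/etc/unbound/server.conf"`, whose contents end inside the `server:` clause (Unbound, as far as I know, splices included files in textually). Reordering the includes or appending another clause to server.conf would put the line under the wrong clause, so I would move it into server.conf, or at least add `# must stay directly after server.conf: root-hints is a server: option` above it. With the catch-all `forward-zone` for "." in place the hints are presumably never consulted, which is worth stating in the same comment.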