# Unbound configuration file for Debian. server: # Use the root servers key for DNSSEC #auto-trust-anchor-file: "/var/lib/unbound/root.key" # Enable logs chroot: "" #verbosity (log level from 0 to 4, 4 is debug) verbosity: 1 logfile: /var/log/unbound/unbound.log log-queries: yes #use-syslog: (do not write logs in syslog file in ubuntu /var/log/syslog -zaib) use-syslog: no #interface (interfaces on which Unbound will be launched and requests will be listened to) # Respond to DNS requests on all interfaces interface: 0.0.0.0 interface-automatic: yes # DNS request port, IP and protocol port: 53 do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes # Authorized IPs to access the DNS Server / access-control (determines whose requests are allowed to be processed) access-control: 127.0.0.0/8 allow access-control: 10.0.0.0/8 allow access-control: 172.16.0.0/16 allow access-control: 192.168.0.0/16 allow access-control: 101.0.0.0/8 allow # Root servers information (To download here: ftp://ftp.internic.net/domain/named.cache) root-hints: "/var/lib/unbound/root.hints" # Hide DNS Server info hide-identity: yes hide-version: yes # Improve the security of your DNS Server (Limit DNS Fraud and use DNSSEC) harden-glue: yes harden-dnssec-stripped: yes # Rewrite URLs written in CAPS use-caps-for-id: yes # TTL Min (Seconds, I set it to 7 days) cache-min-ttl: 604800 # TTL Max (Seconds, I set it to 14 days) cache-max-ttl: 1209600 # Enable the prefetch prefetch: yes # Number of maximum threads CORES to use / zaib num-threads: 8 ### Tweaks and optimizations # Number of slabs to use (Must be a multiple of num-threads value) msg-cache-slabs: 8 rrset-cache-slabs: 8 infra-cache-slabs: 8 key-cache-slabs: 8 # Cache and buffer size (in mb) rrset-cache-size: 256m msg-cache-size: 128m so-rcvbuf: 1m # Make sure your DNS Server treat your local network requests #private-address: 101.0.0.0/8 # Add an unwanted reply threshold to clean the cache and avoid when possible a DNS Poisoning unwanted-reply-threshold: 10000 # Authorize or not the localhost requests do-not-query-localhost: no # Use the root.key file for DNSSEC #auto-trust-anchor-file: "/var/lib/unbound/root.key" val-clean-additional: yes forward-zone: name:"." forward-addr:9.9.9.9@853 forward-ssl-upstream:yes #forward-zone: # name:"." # forward-addr:127.0.0.1@5553