-
Notifications
You must be signed in to change notification settings - Fork 14
/
unbound.conf
104 lines (100 loc) · 4.34 KB
/
unbound.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
server:
# This matches Unbound's default and the 2020 DNS Flag Day recommendation:
# https://www.dnsflagday.net/2020/. Included here to be explicit.
edns-buffer-size: 1232
directory: "."
pidfile: ""
logfile: ""
chroot: ""
username: ""
log-replies: yes
log-queries: yes
log-tag-queryreply: yes
log-servfail: yes
val-log-level: 2
num-threads: 1
so-reuseport: yes
verbosity: 5
use-syslog: no
log-time-ascii: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
tcp-upstream: no
port: 1053
private-address: 192.168.0.0/16 # RFC 1918
private-address: 172.16.0.0/12 # RFC 1918
private-address: 10.0.0.0/8 # RFC 1918
private-address: 127.0.0.0/8 # RFC 5735
private-address: 0.0.0.0/8 # RFC 1122 Section 3.2.1.3
private-address: 169.254.0.0/16 # RFC 3927
private-address: 192.0.0.0/24 # RFC 5736
private-address: 192.0.2.0/24 # RFC 5735
private-address: 198.51.100.0/24 # RFC 5735
private-address: 203.0.113.0/24 # RFC 5735
private-address: 192.88.99.0/24 # RFC 3068
private-address: 198.18.0.0/15 # RFC 2544
private-address: 224.0.0.0/4 # RFC 3171
private-address: 240.0.0.0/4 # RFC 1112
private-address: 255.255.255.255/32 # RFC 919 Section 7
private-address: 100.64.0.0/10 # RFC 6598
private-address: ::/128 # RFC 4291: Unspecified Address
private-address: ::1/128 # RFC 4291: Loopback Address
private-address: ::ffff:0:0/96 # RFC 4291: IPv4-mapped Address
private-address: 100::/64 # RFC 6666: Discard Address Block
private-address: 2001::/23 # RFC 2928: IETF Protocol Assignments
private-address: 2001:2::/48 # RFC 5180: Benchmarking
private-address: 2001:db8::/32 # RFC 3849: Documentation
private-address: 2001::/32 # RFC 4380: TEREDO
private-address: fc00::/7 # RFC 4193: Unique-Local
private-address: fe80::/10 # RFC 4291: Section 2.5.6 Link-Scoped Unicast
private-address: ff00::/8 # RFC 4291: Section 2.7
do-not-query-address: 192.168.0.0/16 # RFC 1918
do-not-query-address: 172.16.0.0/12 # RFC 1918
do-not-query-address: 10.0.0.0/8 # RFC 1918
do-not-query-address: 169.254.0.0/16
do-not-query-address: 127.0.0.0/8 # RFC 5735
do-not-query-address: 0.0.0.0/8 # RFC 1122 Section 3.2.1.3
do-not-query-address: 169.254.0.0/16 # RFC 3927
do-not-query-address: 192.0.0.0/24 # RFC 5736
do-not-query-address: 192.0.2.0/24
do-not-query-address: 198.51.100.0/24
do-not-query-address: 203.0.113.0/24
do-not-query-address: 192.88.99.0/24 # RFC 3068
do-not-query-address: 192.18.0.0/15 # RFC 2544
do-not-query-address: 224.0.0.0/4 # RFC 3171
do-not-query-address: 240.0.0.0/4 # RFC 1112
do-not-query-address: 255.255.255.255/32 # RFC 919 Section 7
do-not-query-address: 100.64.0.0/10 # RFC 6598
do-not-query-address: ::/128 # RFC 4291: Unspecified Address
do-not-query-address: ::1/128 # RFC 4291: Loopback Address
do-not-query-address: ::ffff:0:0/96 # RFC 4291: IPv4-mapped Address
do-not-query-address: 100::/64 # RFC 6666: Discard Address Block
do-not-query-address: 2001::/23 # RFC 2928: IETF Protocol Assignments
do-not-query-address: 2001:2::/48 # RFC 5180: Benchmarking
do-not-query-address: 2001:db8::/32 # RFC 3849: Documentation
do-not-query-address: 2001::/32 # RFC 4380: TEREDO
do-not-query-address: fc00::/7 # RFC 4193: Unique-Local
do-not-query-address: fe80::/10 # RFC 4291: Section 2.5.6 Link-Scoped Unicast
do-not-query-address: ff00::/8 # RFC 4291: Section 2.7
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: no
use-caps-for-id: yes
cache-min-ttl: 0
cache-max-ttl: 0
cache-max-negative-ttl: 0
neg-cache-size: 0
prefetch: no
unwanted-reply-threshold: 10000
do-not-query-localhost: yes
val-clean-additional: yes
val-sig-skew-max: 0
val-sig-skew-min: 0
ede: yes
ipsecmod-enabled: no
qname-minimisation: no
qname-minimisation-strict: no