sujiba/pihole-unbound-hyperlocal
1
0
Fork 0
mirror of https://github.com/sujiba/pihole-unbound-hyperlocal.git synced 2025-07-09 21:35:13 +02:00
Code Issues Releases Activity

added options

Browse source
This commit is contained in:
sujiba 2023-10-08 01:10:00 +02:00
parent 5ab96fffc9
commit 662fa0a8de
1 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

22
docker-build/unbound-pihole.conf
View file

@ -1,4 +1,6 @@
server:
# https://manpages.debian.org/bullseye/unbound/unbound.conf.5.en.html
#
# If no logfile is specified, syslog is used
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
@ -9,7 +11,7 @@ server:
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
# Maybe set to yes if you have IPv6 connectivity
do-ip6: no
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
@ -51,7 +53,13 @@ server:
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
# Fetch the DNSKEYs earlier in the validation process, when a DS record is encountered.
# This lowers the latency of requests. It does use a little more CPU.
prefetch-key: yes
# One thread should be sufficient, can be increased on beefy machines.
# In reality for most users running on small networks or on a single machine,
# it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
@ -61,6 +69,16 @@ server:
msg-cache-size: 128m
rrset-cache-size: 256m
# Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
# and other denials, using information from previous NXDOMAINs answers.
# It helps to reduce the query rate towards targets that get a very high nonexistent name lookup rate.
aggressive-nsec: yes
# If enabled id.server and hostname.bind queries are refused.
hide-identity: yes
#If enabled version.server and version.bind queries are refused.
hide-version: yes
# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16