mirror of
https://github.com/sujiba/pihole-unbound-hyperlocal.git
synced 2025-07-10 05:45:14 +02:00
added options
This commit is contained in:
sujiba
parent
5ab96fffc9
commit
662fa0a8de
1 changed files with 20 additions and 2 deletions
|
|
@ -1,4 +1,6 @@
|
||||||
server:
|
server:
|
||||||
|
# https://manpages.debian.org/bullseye/unbound/unbound.conf.5.en.html
|
||||||
|
#
|
||||||
# If no logfile is specified, syslog is used
|
# If no logfile is specified, syslog is used
|
||||||
# logfile: "/var/log/unbound/unbound.log"
|
# logfile: "/var/log/unbound/unbound.log"
|
||||||
verbosity: 0
|
verbosity: 0
|
||||||
|
|
@ -9,7 +11,7 @@ server:
|
||||||
do-udp: yes
|
do-udp: yes
|
||||||
do-tcp: yes
|
do-tcp: yes
|
||||||
|
|
||||||
# May be set to yes if you have IPv6 connectivity
|
# Maybe set to yes if you have IPv6 connectivity
|
||||||
do-ip6: no
|
do-ip6: no
|
||||||
|
|
||||||
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
|
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
|
||||||
|
|
@ -51,7 +53,13 @@ server:
|
||||||
# This only applies to domains that have been frequently queried
|
# This only applies to domains that have been frequently queried
|
||||||
prefetch: yes
|
prefetch: yes
|
||||||
|
|
||||||
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
|
# Fetch the DNSKEYs earlier in the validation process, when a DS record is encountered.
|
||||||
|
# This lowers the latency of requests. It does use a little more CPU.
|
||||||
|
prefetch-key: yes
|
||||||
|
|
||||||
|
# One thread should be sufficient, can be increased on beefy machines.
|
||||||
|
# In reality for most users running on small networks or on a single machine,
|
||||||
|
# it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
|
||||||
num-threads: 1
|
num-threads: 1
|
||||||
|
|
||||||
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
||||||
|
|
@ -61,6 +69,16 @@ server:
|
||||||
msg-cache-size: 128m
|
msg-cache-size: 128m
|
||||||
rrset-cache-size: 256m
|
rrset-cache-size: 256m
|
||||||
|
|
||||||
|
# Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
|
||||||
|
# and other denials, using information from previous NXDOMAINs answers.
|
||||||
|
# It helps to reduce the query rate towards targets that get a very high nonexistent name lookup rate.
|
||||||
|
aggressive-nsec: yes
|
||||||
|
|
||||||
|
# If enabled id.server and hostname.bind queries are refused.
|
||||||
|
hide-identity: yes
|
||||||
|
#If enabled version.server and version.bind queries are refused.
|
||||||
|
hide-version: yes
|
||||||
|
|
||||||
# Ensure privacy of local IP ranges
|
# Ensure privacy of local IP ranges
|
||||||
private-address: 192.168.0.0/16
|
private-address: 192.168.0.0/16
|
||||||
private-address: 169.254.0.0/16
|
private-address: 169.254.0.0/16
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue