sthen
10 years ago
2 changed files with 84 additions and 0 deletions
Split View
Diff Options
-
+32 -0src/etc/rc.d/unbound
-
+52 -0src/etc/unbound.conf
+ 32
- 0
src/etc/rc.d/unbound
View File
| @ -0,0 +1,32 @@ | |||
| #!/bin/sh | |||
| # | |||
| # $OpenBSD: unbound,v 1.1 2014/03/15 00:34:18 sthen Exp $ | |||
| daemon="/usr/sbin/unbound" | |||
| daemon_flags="-c /var/unbound/etc/unbound.conf" | |||
| . /etc/rc.d/rc.subr | |||
| pexp="unbound${daemon_flags:+ ${daemon_flags}}" | |||
| rc_pre() { | |||
| if grep '^[[:space:]]*control-enable:[[:space:]]*yes' \ | |||
| /var/unbound/etc/unbound.conf > /dev/null 2>&1 && \ | |||
| ! [[ -f /var/unbound/etc/unbound_server.key || | |||
| -f /var/unbound/etc/unbound_server.pem || | |||
| -f /var/unbound/etc/unbound_control.key || | |||
| -f /var/unbound/etc/unbound_control.pem ]]; then | |||
| /usr/sbin/unbound-control-setup 2> /dev/null | |||
| fi | |||
| if grep '^[[:space:]]*auto-trust-anchor-file:' \ | |||
| /var/unbound/etc/unbound.conf > /dev/null 2>&1; then | |||
| /usr/sbin/unbound-anchor -v || true | |||
| fi | |||
| } | |||
| rc_start() { | |||
| /usr/sbin/unbound-checkconf > /dev/null && | |||
| ${rcexec} "unbound ${daemon_flags}" | |||
| } | |||
| rc_cmd $1 | |||
+ 52
- 0
src/etc/unbound.conf
View File
| @ -0,0 +1,52 @@ | |||
| # $OpenBSD: unbound.conf,v 1.1 2014/03/15 00:34:18 sthen Exp $ | |||
| server: | |||
| interface: 127.0.0.1 | |||
| #interface: 127.0.0.1@5353 # listen on alternative port | |||
| interface: ::1 | |||
| #do-ip6: no | |||
| access-control: 0.0.0.0/0 refuse | |||
| access-control: 127.0.0.0/8 allow | |||
| access-control: ::0/0 refuse | |||
| access-control: ::1 allow | |||
| hide-identity: yes | |||
| hide-version: yes | |||
| # Enable DNSSEC validation. Fetch a root key with unbound-anchor(8). | |||
| # | |||
| #module-config: "validator iterator" | |||
| #auto-trust-anchor-file: "/var/unbound/etc/root.key" | |||
| # Serve zones authoritatively from Unbound to resolver clients. | |||
| # Not for external service. Note use of "nodefault" for AS112 zones, | |||
| # i.e. reverse lookup zones for RFC1918 and similar addresses. | |||
| # | |||
| #local-zone: "local." static | |||
| #local-data: "mycomputer.local. IN A 192.0.2.51" | |||
| #local-zone: "2.0.192.in-addr.arpa." static nodefault | |||
| #local-data-ptr: "192.0.2.51 mycomputer.local" | |||
| # UDP EDNS reassembly buffer advertised to peers. Default 4096. | |||
| # May need lowering on broken networks with fragmentation/MTU issues, | |||
| # particularly if validating DNSSEC. | |||
| # | |||
| #edns-buffer-size: 1480 | |||
| # Use TCP for "forward-zone" requests. Useful if you are making | |||
| # DNS requests over an SSH port forwarding. | |||
| # | |||
| #tcp-upstream: yes | |||
| # Use an upstream forwarder (recursive resolver) for specific zones. | |||
| # Example addresses given below are public resolvers valid as of 2014/03. | |||
| # | |||
| #forward-zone: | |||
| # name: "." # use for ALL queries | |||
| # forward-addr: 74.82.42.42 # he.net | |||
| # forward-addr: 2001:470:20::2 # he.net v6 | |||
| # forward-addr: 8.8.8.8 # google.com | |||
| # forward-addr: 2001:4860:4860::8888 # google.com v6 | |||
| # forward-addr: 208.67.222.222 # opendns.com | |||
| # forward-first: yes # try direct if forwarder fails | |||