|
|
@ -1,4 +1,4 @@ |
|
|
# $OpenBSD: unbound.conf,v 1.11 2018/12/10 16:46:03 sthen Exp $ |
|
|
|
|
|
|
|
|
# $OpenBSD: unbound.conf,v 1.12 2018/12/11 19:16:36 florian Exp $ |
|
|
|
|
|
|
|
|
server: |
|
|
server: |
|
|
interface: 127.0.0.1 |
|
|
interface: 127.0.0.1 |
|
|
@ -19,12 +19,14 @@ server: |
|
|
hide-identity: yes |
|
|
hide-identity: yes |
|
|
hide-version: yes |
|
|
hide-version: yes |
|
|
|
|
|
|
|
|
# Enable DNSSEC validation. |
|
|
|
|
|
auto-trust-anchor-file: "/var/unbound/db/root.key" |
|
|
|
|
|
val-log-level: 2 |
|
|
|
|
|
|
|
|
# Uncomment to enable DNSSEC validation. |
|
|
|
|
|
# |
|
|
|
|
|
#auto-trust-anchor-file: "/var/unbound/db/root.key" |
|
|
|
|
|
|
|
|
# Synthesize NXDOMAINs from DNSSEC NSEC chains. RFC 8198 |
|
|
|
|
|
aggressive-nsec: yes |
|
|
|
|
|
|
|
|
# Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains |
|
|
|
|
|
# https://tools.ietf.org/html/rfc8198 |
|
|
|
|
|
# |
|
|
|
|
|
#aggressive-nsec: yes |
|
|
|
|
|
|
|
|
# Serve zones authoritatively from Unbound to resolver clients. |
|
|
# Serve zones authoritatively from Unbound to resolver clients. |
|
|
# Not for external service. |
|
|
# Not for external service. |
|
|
|
florian
5 years ago