diff --git a/src/etc/unbound.conf b/src/etc/unbound.conf index a523ab6f..132875fd 100644 --- a/src/etc/unbound.conf +++ b/src/etc/unbound.conf @@ -1,4 +1,4 @@ -# $OpenBSD: unbound.conf,v 1.9 2018/12/07 09:21:08 florian Exp $ +# $OpenBSD: unbound.conf,v 1.10 2018/12/07 11:54:04 sthen Exp $ server: interface: 127.0.0.1 @@ -19,9 +19,7 @@ server: hide-identity: yes hide-version: yes - # Uncomment to enable qname minimisation. - # https://tools.ietf.org/html/rfc7816 - # + # Uncomment to enable qname minimisation. RFC 7816 #qname-minimisation: yes # Enable DNSSEC validation. @@ -50,26 +48,14 @@ server: # #tcp-upstream: yes - # DNS64 options, synthesizes AAAA records for hosts that don't have - # them. For use with NAT64 (PF "af-to"). - # - #module-config: "dns64 validator iterator" - #dns64-prefix: 64:ff9b::/96 # well-known prefix (default) - #dns64-synthall: no - remote-control: control-enable: yes control-use-cert: no control-interface: /var/run/unbound.sock -# Use an upstream forwarder (recursive resolver) for specific zones. -# Example addresses given below are public resolvers valid as of 2014/03. +# Use an upstream forwarder (recursive resolver) for some or all zones. # #forward-zone: # name: "." # use for ALL queries -# forward-addr: 74.82.42.42 # he.net -# forward-addr: 2001:470:20::2 # he.net v6 -# forward-addr: 8.8.8.8 # google.com -# forward-addr: 2001:4860:4860::8888 # google.com v6 -# forward-addr: 208.67.222.222 # opendns.com +# forward-addr: 192.0.2.53 # example address only # forward-first: yes # try direct if forwarder fails