feat: make defaults configurable
parent
26852d22ac
commit
03c25e4aea
2 changed files with 49 additions and 41 deletions
|
|
@ -1,5 +1,26 @@
|
|||
---
|
||||
|
||||
# unbound server settings
|
||||
unbound_verbosity: 1
|
||||
unbound_port: 53
|
||||
unbound_do_ip6: true
|
||||
unbound_do_tcp: true
|
||||
unbound_num_threads: 2
|
||||
unbound_so_reuseport: true
|
||||
|
||||
# security
|
||||
unbound_use_caps_for_id: true
|
||||
unbound_qname_minimisation: true
|
||||
unbound_harden_dnssec_stripped: true
|
||||
unbound_harden_glue: true
|
||||
unbound_hide_identity: true
|
||||
unbound_hide_version: true
|
||||
|
||||
# cache
|
||||
unbound_cache_min_ttl: 5
|
||||
unbound_cache_max_ttl: 86400
|
||||
unbound_prefetch: true
|
||||
|
||||
# unbound upstream info
|
||||
unbound_upstream_dns:
|
||||
- "8.8.8.8"
|
||||
|
|
@ -11,23 +32,4 @@ unbound_allow_access:
|
|||
network: "192.168.1.0/24"
|
||||
|
||||
# unbound zones
|
||||
unbound_zones:
|
||||
|
||||
# example.internal
|
||||
- zone: "example.internal"
|
||||
type: "static"
|
||||
records:
|
||||
|
||||
- name: "server.example.internal"
|
||||
value: "192.168.1.0"
|
||||
|
||||
- name: "example.internal"
|
||||
type: "TXT"
|
||||
value: "v=spf1 include:example.internal ~all"
|
||||
|
||||
- name: "_sip._tcp.example.internal"
|
||||
type: "SRV"
|
||||
priority: 10
|
||||
weight: 60
|
||||
port: 5060
|
||||
value: "server.example.internal"
|
||||
unbound_zones: []
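Review bot: Several of the new defaults do not reproduce the values the template appears to have hard-coded before, so hosts that take this commit without setting anything change resolver behaviour. `unbound_cache_min_ttl: 5` replaces `cache-min-ttl: 3600`, `unbound_use_caps_for_id: true` replaces `use-caps-for-id: no`, and `unbound_do_tcp: true` replaces `do-tcp: no`; the page lost its +/- markers, so the old side is inferred from the template section further down. If the new values are intended, document them next to the variables, e.g. `# seconds; the template previously pinned cache-min-ttl to 3600` and `# 0x20 query-name randomisation; previously off`. If they are not intended, keep the old values as the defaults so that making the settings configurable stays behaviour-neutral.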
|
||||
|
|
|
|||
|
|
@ -1,35 +1,41 @@
|
|||
server:
|
||||
verbosity: 1
|
||||
verbosity: {{ unbound_verbosity }}
|
||||
interface-automatic: yes
|
||||
ip-freebind: yes
|
||||
port: 53
|
||||
port: {{ unbound_port }}
|
||||
do-ip4: yes
|
||||
do-ip6: yes
|
||||
do-ip6: {{ 'yes' if unbound_do_ip6 else 'no' }}
|
||||
do-udp: yes
|
||||
do-tcp: no
|
||||
|
||||
do-tcp: {{ 'yes' if unbound_do_tcp else 'no' }}
|
||||
|
||||
# access control
|
||||
{% for network in unbound_allow_access %}
|
||||
## {{ network.name }}
|
||||
access-control: {{ network.network }} allow
|
||||
|
||||
{% endfor %}
|
||||
|
||||
# security and performance
|
||||
cache-max-ttl: 86400
|
||||
cache-min-ttl: 3600
|
||||
harden-dnssec-stripped: yes
|
||||
harden-glue: yes
|
||||
hide-identity: yes
|
||||
hide-version: yes
|
||||
infra-cache-slabs: 8
|
||||
key-cache-slabs: 8
|
||||
msg-cache-slabs: 8
|
||||
num-threads: 2
|
||||
prefetch: yes
|
||||
rrset-cache-slabs: 8
|
||||
use-caps-for-id: no
|
||||
|
||||
|
||||
# performance
|
||||
num-threads: {{ unbound_num_threads }}
|
||||
so-reuseport: {{ 'yes' if unbound_so_reuseport else 'no' }}
|
||||
infra-cache-slabs: {{ unbound_num_threads }}
|
||||
key-cache-slabs: {{ unbound_num_threads }}
|
||||
msg-cache-slabs: {{ unbound_num_threads }}
|
||||
rrset-cache-slabs: {{ unbound_num_threads }}
|
||||
|
||||
# cache
|
||||
cache-max-ttl: {{ unbound_cache_max_ttl }}
|
||||
cache-min-ttl: {{ unbound_cache_min_ttl }}
|
||||
prefetch: {{ 'yes' if unbound_prefetch else 'no' }}
|
||||
|
||||
# security
|
||||
harden-dnssec-stripped: {{ 'yes' if unbound_harden_dnssec_stripped else 'no' }}
|
||||
harden-glue: {{ 'yes' if unbound_harden_glue else 'no' }}
|
||||
hide-identity: {{ 'yes' if unbound_hide_identity else 'no' }}
|
||||
hide-version: {{ 'yes' if unbound_hide_version else 'no' }}
|
||||
use-caps-for-id: {{ 'yes' if unbound_use_caps_for_id else 'no' }}
|
||||
qname-minimisation: {{ 'yes' if unbound_qname_minimisation else 'no' }}
|
||||
|
||||
# include zone configurations
|
||||
include: "/etc/unbound/zones.conf"
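Review bot: The new yes/no toggles test the variable's raw truthiness, as in `{{ 'yes' if unbound_hide_version else 'no' }}`, so a value that reaches the template as a string (for example `-e unbound_do_tcp=false`, or a var from an INI inventory) is non-empty and renders `yes`. The operator's setting is then silently ignored; this affects `do-ip6`, `do-tcp`, `so-reuseport`, `prefetch` and every line in the `# security` block. Coerce the value first, e.g. `hide-version: {{ 'yes' if unbound_hide_version | bool else 'no' }}`. Separately, the four `*-slabs` lines now follow `unbound_num_threads`, while Unbound's documentation asks for a power of 2 there, so a thread count such as 3 would need rounding.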
|
||||
|
||||
|
|
|
|||