41 lines
819 B
Django/Jinja
41 lines
819 B
Django/Jinja
server:
|
|
verbosity: 1
|
|
interface-automatic: yes
|
|
ip-freebind: yes
|
|
port: 53
|
|
do-ip4: yes
|
|
do-ip6: yes
|
|
do-udp: yes
|
|
do-tcp: no
|
|
|
|
# access control
|
|
{% for network in unbound_allow_access %}
|
|
## {{ network.name }}
|
|
access-control: {{ network.network }} allow
|
|
|
|
{% endfor %}
|
|
|
|
# security and performance
|
|
cache-max-ttl: 86400
|
|
cache-min-ttl: 3600
|
|
harden-dnssec-stripped: yes
|
|
harden-glue: yes
|
|
hide-identity: yes
|
|
hide-version: yes
|
|
infra-cache-slabs: 8
|
|
key-cache-slabs: 8
|
|
msg-cache-slabs: 8
|
|
num-threads: 2
|
|
prefetch: yes
|
|
rrset-cache-slabs: 8
|
|
use-caps-for-id: no
|
|
|
|
# include zone configurations
|
|
include: "/etc/unbound/zones.conf"
|
|
|
|
# forward zones configuration
|
|
forward-zone:
|
|
name: "."
|
|
{% for dns_server in unbound_upstream_dns %}
|
|
forward-addr: {{ dns_server }}
|
|
{% endfor %}
|