Created
May 31, 2020 01:31
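# Unbound recursive resolver configuration (unbound.conf syntax, not YAML:
# booleans are written yes/no and a key such as access-control may repeat).
server:
    # Number of worker threads answering queries.
    num-threads: 4

    # Log verbosity: 1 logs operational information, 0 logs errors only.
    verbosity: 1

    # File listing the root name servers used to prime the resolver.
    root-hints: "/var/lib/unbound/root.hints"

    # Root trust anchor for DNSSEC validation, kept up to date via RFC 5011.
    # The unbound user needs write access to this file and its directory,
    # otherwise key rollovers cannot be recorded.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Listen on every IPv4 address of the host. Who may actually query is
    # decided by the access-control rules below, so those rules (and any
    # host firewall) are the only thing keeping this from being an open
    # resolver.
    interface: 0.0.0.0

    # Upper bound, in bytes, on UDP responses sent to clients.
    # NOTE(review): responses above the path MTU are fragmented; confirm
    # 3072 is intended rather than a smaller, fragmentation-safe size.
    max-udp-size: 3072

    # Client access rules. The most specific matching netblock wins, so the
    # 0.0.0.0/0 entry acts as default-deny. "refuse" answers with a REFUSED
    # error; "deny" would drop the query without replying.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.1 allow
    access-control: 192.168.13.0/24 allow

    # DNS rebinding protection: addresses in this range are removed from
    # answers for public internet names. Only 192.168.13.0/24 is covered;
    # other private or loopback ranges are not filtered by this file.
    private-address: 192.168.13.0/24

    # Do not answer id.server/hostname.bind and version.server/version.bind
    # queries, so the resolver does not disclose its identity or version.
    hide-identity: yes
    hide-version: yes

    # Only trust glue that falls within the delegating server's authority.
    harden-glue: yes
    # Treat responses with missing DNSSEC data for a signed zone as bogus,
    # which blocks downgrade by signature stripping.
    harden-dnssec-stripped: yes
    # Also validate the referral path. This sends extra queries to
    # authoritative servers and is described as experimental upstream.
    harden-referral-path: yes

    # After this many unwanted (unsolicited) replies, log a warning and
    # clear the caches as a defence against cache-poisoning attempts.
    unwanted-reply-threshold: 10000000

    # Log one line per query that fails DNSSEC validation.
    val-log-level: 1

    # Minimum cache lifetime in seconds (30 minutes). This overrides shorter
    # TTLs set by the zone owner, so records that change quickly (failover,
    # revoked or moved endpoints) can be served stale for up to this long.
    cache-min-ttl: 1800

    # Maximum cache lifetime in seconds (4 hours).
    cache-max-ttl: 14400

    # Refresh popular cache entries shortly before they expire.
    prefetch: yes
    # Fetch DNSKEY records early when a DS record is seen during validation.
    prefetch-key: yes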