include: "/etc/unbound/redxen-dns.conf"
include: "/etc/unbound/internal.conf"
# Resolver settings. Values in double curly braces are filled in by the
# template engine before unbound reads this file.
server:
    # Working directory for the daemon.
    directory: "/etc/unbound"

    # Access control. The most specific matching netblock decides, so the
    # two catch-all entries below are the fallback for every client that is
    # not explicitly allowed further down. refuse_non_local answers with
    # REFUSED for anything except authoritative local data, which keeps
    # this instance from acting as an open resolver on the listen addresses.
    access-control: 0.0.0.0/0 refuse_non_local
    access-control: ::/0 refuse_non_local

    # Loopback clients get full recursion.
    access-control: 127.0.0.0/8 allow
    # WireGuard range: full recursion for VPN peers.
    # NOTE(review): only IPv4 ranges are allowed explicitly; confirm that
    # no IPv6 client range is expected to resolve through this instance.
    access-control: 172.22.12.0/24 allow

    # Reply logging is left disabled; enabling it writes client queries
    # to the log.
    #log-replies: yes

    # Listen addresses and port come from the deployment variables.
    interface: {{ unbound.listen.ipv4 }}
    interface: {{ unbound.listen.ipv6 }}
    port: {{ unbound.port }}

    # Extra counters in the statistics output.
    extended-statistics: yes

    root-hints: /usr/share/dns/root.hints
    rrset-roundrobin: yes

    # DNSSEC trust anchor. trust-anchor-file is read as a static file, so
    # the key has to be kept current by whatever installs this path.
    trust-anchor-file: /usr/share/dns/root.key
    # CA bundle used to authenticate TLS connections to the upstream
    # forwarders declared in the forward-zone clause.
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

    # Refresh popular cache entries and DNSKEYs before they expire.
    prefetch: yes
    prefetch-key: yes

    # Stay in the foreground, for use under a service supervisor.
    do-daemonize: no
    minimal-responses: no
    # Empty name: no dedicated log file is written.
    logfile: ""

    # Floor for cached TTLs, in seconds; records with a shorter TTL are
    # kept for this long regardless.
    cache-min-ttl: 60

    harden-glue: yes
    # Synthesize negative answers from cached, validated NSEC records.
    aggressive-nsec: yes

    # Keep answering from expired cache entries for up to 86400 seconds
    # (one day). Clients may receive stale data during that window.
    serve-expired: yes
    serve-expired-ttl: 86400
    serve-expired-ttl-reset: yes
# Control channel used by unbound-control.
remote-control:
    control-enable: yes
    # TLS and client certificates are switched off for the control channel.
    # The only restriction left is the loopback bind below, so any local
    # process that can connect to the control port can issue control
    # commands (reload, cache flush, forwarder changes).
    # NOTE(review): on a host shared with other users or services, prefer
    # control-use-cert: yes or a control-interface that is a filesystem
    # socket path protected by file permissions.
    control-use-cert: no
    control-interface: 127.0.0.1
# Send every query (zone ".") to the configured upstream resolvers over TLS.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # One forward-addr per entry of the unbound.forward list, in the form
    # address@port#auth-name. The port falls back to 853 when the entry
    # does not set one. The auth-name after the hash sign is the name the
    # upstream certificate is checked against, using the server clause's
    # tls-cert-bundle.
    # NOTE(review): forward.host has no default here. Confirm that every
    # entry defines it, otherwise the rendered line carries no name to
    # verify the upstream certificate against.
    {% for forward in unbound.forward %}
    forward-addr: {{ forward.ipa }}@{{ forward.port|default(853) }}#{{ forward.host }}
    {% endfor %}