From 5e0c3647e4ac083898b13fb784cf5e5ac2fa554a Mon Sep 17 00:00:00 2001 From: Alex Date: Sun, 31 May 2020 20:23:20 +0200 Subject: [PATCH] Remove ratelimits for now and serve full reponses, update SOA --- templates/redxen-dns.conf.j2 | 2 +- templates/unbound.conf.j2 | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/templates/redxen-dns.conf.j2 b/templates/redxen-dns.conf.j2 index 8721b73..0326493 100644 --- a/templates/redxen-dns.conf.j2 +++ b/templates/redxen-dns.conf.j2 @@ -4,7 +4,7 @@ server: local-data: "redxen.eu. 10800 IN NS {{ host }}.redxen.eu" {% endfor %} - local-data: "redxen.eu. IN SOA n0.redxen.eu admin.redxen.eu 2020053001 86400 7200 3600000 172800" + local-data: "redxen.eu. IN SOA n0.redxen.eu admin.redxen.eu 2020053102 1800 120 604800 3600" {% for record in unbound.public.TXT %} local-data: "{{ record.name }}redxen.eu. 86400 IN TXT {{ record.content }}" diff --git a/templates/unbound.conf.j2 b/templates/unbound.conf.j2 index 3f26c3c..f54d628 100644 --- a/templates/unbound.conf.j2 +++ b/templates/unbound.conf.j2 @@ -4,11 +4,12 @@ server: directory: "/etc/unbound" access-control: 0.0.0.0/0 refuse_non_local access-control: ::/0 refuse_non_local + # Local Host - access-control: 127.0.0.0/24 allow + access-control: 127.0.0.0/8 allow # Wireguard Range access-control: 172.22.12.0/24 allow - # log-replies: yes + #log-replies: yes interface: {{ unbound.listen.ipv4 }} interface: {{ unbound.listen.ipv6 }} extended-statistics: yes @@ -17,10 +18,10 @@ server: trust-anchor-file: /usr/share/dns/root.key tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt port: {{ unbound.port }} - ratelimit: 20 prefetch: yes prefetch-key: yes do-daemonize: no + minimal-responses: no logfile: "" cache-min-ttl: 60 harden-glue: yes