Alex Denes
8df9fdc4ab
- More templating and inheritance - New commands + rx_replace + rx_install + rx_cpkgdir - More transparency with secrets being sourced as variables and replaced - Modularization of configs + telegraf + nginx (partial) + fastd + wireguard + unbound - Split of unbound configurations and bind zones - Bumping of key versions (rolling keys) + ZSK/KSK + OpenDKIM - Relaxed permission defaults and other smaller tweaks...
25 lines
583 B
Plaintext
25 lines
583 B
Plaintext
server:
|
|
#log-replies: yes
|
|
interface: 0.0.0.0
|
|
interface: ::0
|
|
extended-statistics: yes
|
|
rrset-roundrobin: yes
|
|
root-hints: /usr/share/dns-root-hints/named.root
|
|
trust-anchor-file: /usr/share/dnssec-root/trusted-key.key
|
|
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
|
port: 53
|
|
prefetch: yes
|
|
prefetch-key: yes
|
|
do-daemonize: yes
|
|
pidfile: "/run/unbound.pid"
|
|
minimal-responses: no
|
|
logfile: ""
|
|
cache-min-ttl: 60
|
|
harden-glue: yes
|
|
aggressive-nsec: yes
|
|
serve-expired: yes
|
|
serve-expired-ttl: 86400
|
|
serve-expired-ttl-reset: yes
|
|
|
|
include: "/etc/redxen/unbound/module/*.conf"
|