Allow public IP as source, remove extra public recursion (only leaving local zones) and add more statistics and round robin
This commit is contained in:
parent
49f18374f4
commit
bf932e987f
|
@ -2,15 +2,26 @@ include: "/etc/unbound/redxen-dns.conf"
|
||||||
server:
|
server:
|
||||||
directory: "/etc/unbound"
|
directory: "/etc/unbound"
|
||||||
username: unbound
|
username: unbound
|
||||||
access-control: 0.0.0.0/0 deny_non_local
|
do-not-query-address: 127.0.0.11
|
||||||
|
access-control: 0.0.0.0/0 refuse_non_local
|
||||||
|
# Local Host
|
||||||
access-control: 127.0.0.0/24 allow
|
access-control: 127.0.0.0/24 allow
|
||||||
access-control: 172.17.12.0/24 allow
|
# Docker Host
|
||||||
access-control: 172.18.0.1/32 allow
|
access-control: 172.18.0.1/32 allow
|
||||||
# log-replies: yes
|
# Wireguard Range
|
||||||
|
access-control: 172.22.12.0/24 allow
|
||||||
|
# Allow Loopback connections with public ip as source
|
||||||
|
access-control: 88.198.95.52/32 allow
|
||||||
|
access-control: 88.198.95.107/32 allow
|
||||||
|
access-control: 88.198.95.100/32 allow
|
||||||
|
access-control: 88.198.95.106/32 allow
|
||||||
|
access-control: 88.198.95.63/32 allow
|
||||||
|
#log-replies: yes
|
||||||
interface: 0.0.0.0
|
interface: 0.0.0.0
|
||||||
interface: ::0
|
interface: ::0
|
||||||
access-control: 0.0.0.0/0 allow
|
extended-statistics: yes
|
||||||
root-hints: root.hints
|
root-hints: root.hints
|
||||||
|
rrset-roundrobin: yes
|
||||||
trust-anchor-file: /usr/share/dnssec-root/trusted-key.key
|
trust-anchor-file: /usr/share/dnssec-root/trusted-key.key
|
||||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||||
port: 5353
|
port: 5353
|
||||||
|
|
Reference in New Issue