- update unbound.conf to 1.6.14 feature set
Allow ipsecmod to be enabled via libreswan unbound-control command
This commit is contained in:
Paul Wouters
parent
7d28caf1f9
commit
bd329fe8e7
22
unbound.conf
22
unbound.conf
@ -38,7 +38,7 @@ server:
|
||||
extended-statistics: yes
|
||||
|
||||
# number of threads to create. 1 disables threading.
|
||||
num-threads: 2
|
||||
num-threads: 4
|
||||
|
||||
# specify the interfaces to answer queries from by ip-address.
|
||||
# The default is to listen to localhost (127.0.0.1 and ::1).
|
||||
@ -121,7 +121,7 @@ server:
|
||||
# so-sndbuf: 0
|
||||
|
||||
# use SO_REUSEPORT to distribute queries over threads.
|
||||
# so-reuseport: no
|
||||
so-reuseport: yes
|
||||
|
||||
# use IP_TRANSPARENT so the interface: addresses can be non-local
|
||||
# and you can config non-existing IPs that are going to work later on
|
||||
@ -337,12 +337,12 @@ server:
|
||||
# enable to not answer id.server and hostname.bind queries.
|
||||
# hide-identity: no
|
||||
|
||||
# enable to not answer trustanchor.unbound queries.
|
||||
# hide-trustanchor: no
|
||||
|
||||
# enable to not answer version.server and version.bind queries.
|
||||
# hide-version: no
|
||||
|
||||
# enable to not answer trustanchor.unbound queries.
|
||||
# hide-trustanchor: no
|
||||
|
||||
# the identity to report. Leave "" or default to return hostname.
|
||||
# identity: ""
|
||||
|
||||
@ -459,7 +459,7 @@ server:
|
||||
|
||||
# module configuration of the server. A string with identifiers
|
||||
# separated by spaces. Syntax: "[dns64] [validator] iterator"
|
||||
# module-config: "validator iterator"
|
||||
module-config: "ipsecmod validator iterator"
|
||||
|
||||
# File with trusted keys, kept uptodate using RFC5011 probes,
|
||||
# initial file like trust-anchor-file, then it stores metadata.
|
||||
@ -538,7 +538,7 @@ server:
|
||||
|
||||
# Serve expired reponses from cache, with TTL 0 in the response,
|
||||
# and then attempt to fetch the data afresh.
|
||||
# serve-expired: no
|
||||
serve-expired: yes
|
||||
|
||||
# Have the validator log failed validations for your diagnosis.
|
||||
# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
|
||||
@ -727,6 +727,14 @@ server:
|
||||
# 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
|
||||
# ip-ratelimit-factor: 10
|
||||
|
||||
# IPsec module for Opportunistic IPsec
|
||||
# Libreswan will enable this via unbound-control
|
||||
#ipsecmod-enabled:yes
|
||||
#ipsecmod-hook:/usr/libexec/ipsec/unbound-hook.py
|
||||
#ipsecmod-ignore-bogus:no
|
||||
#ipsecmod-max-ttl:3600
|
||||
#ipsecmod-whitelist:libreswan.org
|
||||
|
||||
# Python config section. To enable:
|
||||
# o use --with-pythonmodule to configure before compiling.
|
||||
# o list python in the module-config string (above) to enable.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user