From f70050e6d603c5dae873af1327a4bffaa4b48475 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 10 Dec 2020 19:46:23 +0100 Subject: [PATCH] Update default configuration from 1.13.0 Add new additions to default configuration. None of them is uncommented, but some of they changed default values. --- unbound.conf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/unbound.conf b/unbound.conf index dfbd635..ae3fcf5 100644 --- a/unbound.conf +++ b/unbound.conf @@ -182,6 +182,9 @@ server: # msec to wait before close of port on timeout UDP. 0 disables. # delay-close: 0 + # perform connect for UDP sockets to mitigate ICMP side channel. + # udp-connect: yes + # msec for waiting for an unknown server to reply. Increase if you # are behind a slow satellite link, to eg. 1128. # unknown-server-time-limit: 376 @@ -213,6 +216,9 @@ server: # minimum wait time for responses, increase if uplink is long. In msec. # infra-cache-min-rtt: 50 + # enable to make server probe down hosts more frequently. + # infra-keep-probing: no + # the number of slabs to use for the Infrastructure cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. @@ -835,6 +841,9 @@ server: # service. # http-nodelay: yes + # Disable TLS for DNS-over-HTTP downstream service. + # http-notls-downstream: no + # DNS64 prefix. Must be specified when DNS64 is use. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # dns64-prefix: 64:ff9b::0/96