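# Unbound "server:" clause for a local recursive resolver listening on loopback.
# The clause keyword is written in lowercase, as in unbound.conf(5); the
# capitalised "Server:" looks like a paste/auto-capitalisation artefact.
server:
    # If no logfile is specified, syslog is used
    # An empty chroot string disables chroot(2) confinement, so all paths in
    # this file are real absolute paths. NOTE(review): this gives up one layer
    # of isolation; confirm it is intentional and that the daemon still drops
    # privileges to an unprivileged user.
    chroot: ""
    logfile: "/var/log/unbound/unbound.log"
    # Query logging stays off: the log would otherwise record every name looked up.
    log-queries: no
    verbosity: 0
    # Listen on loopback only, on a non-standard port, so the resolver is not
    # reachable from the network.
    interface: 127.0.0.1
    port: 5335
    # IPv4 / IPv6-settings
    do-ip6: no
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Set number of threads to use
    num-threads: 1
    # Hide DNS Server info
    hide-identity: yes
    hide-version: yes
    # Limit DNS Fraud and use DNSSEC
    # NOTE(review): no trust anchor (e.g. auto-trust-anchor-file) is visible in
    # this excerpt. harden-dnssec-stripped only has an effect for zones that
    # have a trust anchor, so confirm one is configured in another included file.
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-referral-path: yes
    # 0x20 case randomisation of query names as extra anti-spoofing entropy.
    # NOTE(review): some authoritative servers reportedly mishandle mixed-case
    # queries; watch for resolution failures after enabling this.
    use-caps-for-id: yes
    harden-algo-downgrade: yes
    # Send only the labels each upstream needs, to limit what upstream servers learn.
    qname-minimisation: yes
    # Add an unwanted reply threshold to clean the cache and avoid when possible a DNS Poisoning
    unwanted-reply-threshold: 10000000
    # Minimum lifetime of cache entries in seconds
    # Records published with a shorter TTL are kept for 300 s anyway, i.e.
    # longer than the zone owner intended.
    cache-min-ttl: 300
    # Maximum lifetime of cached entries
    cache-max-ttl: 14400
    # buffer size. This value has also been suggested in DNS Flag Day 2020.
    edns-buffer-size: 1232
    # Prefetch
    prefetch: yes
    prefetch-key: yes
    # Optimisations
    # NOTE(review): slab counts are normally chosen as a power of two close to
    # num-threads; with a single thread, 8 slabs bring no benefit.
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8
    # Serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish | Default: no, 0
    # serve-expired-ttl bounds this: stale answers are served for at most
    # 86400 s (one day) after expiry. Clients can therefore receive outdated
    # records for up to that long.
    serve-expired: yes
    serve-expired-ttl: 86400
    # Increase memory size of the cache
    rrset-cache-size: 64m
    msg-cache-size: 32m
    # Helps to reduce the query rate towards targets that get a very high nonexistent name lookup rate | Default: no
    aggressive-nsec: yes
    # Increase buffer size so that no messages are lost in traffic spikes
    so-rcvbuf: 1m
    # Private addresses
    # These ranges are removed from answers for public names, which protects
    # clients against DNS rebinding. Local zones that legitimately resolve to
    # these ranges need a matching private-domain entry.
    # NOTE(review): fd00::/8 covers only part of the IPv6 unique-local range
    # (fc00::/7); confirm that is the intended scope.
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10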
So sieht derzeit meine Config aus; vielleicht kannst du da mal drüberschauen.
Dann als einzelnes File, wie folgt:
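# Auth Zone for the Internet root zone "."
# See RFC 8806 - Running a Root Server Local to a Resolver
# https://www.rfc-editor.org/rfc/rfc8806.html
# =========================================================
# Keeps a local copy of the root zone so that root lookups are answered
# locally instead of being sent to the root servers.
auth-zone:
    name: "."
    # Zone transfer sources.
    # NOTE(review): these are host names inside the very zone being
    # transferred. unbound.conf(5) recommends plain IP addresses for primaries
    # to avoid a circular dependency while the zone is not yet loaded.
    master: "b.root-servers.net"
    master: "c.root-servers.net"
    master: "d.root-servers.net"
    master: "f.root-servers.net"
    master: "g.root-servers.net"
    master: "k.root-servers.net"
    # HTTPS download of the zone file as an additional source.
    # NOTE(review): the server certificate is presumably only verified when
    # tls-cert-bundle is set in the server clause; confirm. The zone content
    # itself can additionally be checked with zonemd-check where the installed
    # Unbound release supports it.
    url: "https://www.internic.net/domain/root.zone"
    # Fall back to normal recursive resolution when lookups in this zone fail.
    fallback-enabled: yes
    # Do not answer clients authoritatively from this zone ...
    for-downstream: no
    # ... but use it as the data source for the resolver's own root lookups,
    # so answers still pass through normal resolution and validation.
    for-upstream: yes
    # Local copy of the zone; the Unbound user needs write access to this path
    # (it is an absolute path, since chroot is disabled in the server clause).
    zonefile: "/etc/unbound/root.zone"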