diff --git a/unbound.conf b/unbound.conf index 65480fc..7e30946 100644 --- a/unbound.conf +++ b/unbound.conf @@ -1,12 +1,14 @@ # -# See unbound.conf(5) man page. +# Example configuration file. +# +# See unbound.conf(5) man page, version 1.5.7. # # this is a comment. #Use this to include other text into the file. #include: "otherfile.conf" -# The server clause sets the main parameters. +# The server clause sets the main parameters. server: # whitespace is not necessary, but looks cleaner. @@ -314,7 +316,7 @@ server: # to validate the zone. # harden-algo-downgrade: no - # Sent minimum amount of information to upstream servers to enhance + # Sent minimum amount of information to upstream servers to enhance # privacy. Only sent minimum required labels of the QNAME and set QTYPE # to NS when possible. qname-minimisation: yes @@ -390,16 +392,13 @@ server: # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. - # Downloaded from https://secure.isc.org/ops/dlv/dlv.isc.org.key - # - # ISC's DLV registry is being deprecated in the near future, therefore - # it is not used in the default configuration. The use of ISC's DLV - # registry is discouraged. - # dlv-anchor-file: "/etc/unbound/dlv.isc.org.key" + # DLV is going to be decommissioned. Please do not use it any more. + # dlv-anchor-file: "dlv.isc.org.key" # File with trusted keys for validation. Specify more than one file # with several entries, one file per entry. # Zone file format, with DS and DNSKEY entries. + # Note this gets out of date, use auto-trust-anchor-file please. # trust-anchor-file: "" # File with trusted keys, kept uptodate using RFC5011 probes, 
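Review bot: The commented example `# dlv-anchor-file: "dlv.isc.org.key"` in the `@@ -390,16 +392,13 @@` hunk is a relative path, whereas the key file actually set in this file (`server-key-file: "/etc/unbound/unbound_server.key"`, visible in the last hunk) is absolute. A relative trust-anchor path is presumably resolved against the daemon's working directory or chroot, neither of which is shown here, so anyone who uncomments the line gets a key location that depends on other settings. Since the new comment already tells readers not to use DLV, I would either drop the example line or keep `# dlv-anchor-file: "/etc/unbound/dlv.isc.org.key"`. The added pointer to auto-trust-anchor-file is a good change; the other hunks on this line touch only comments and whitespace.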
@@ -550,7 +549,7 @@ server: # a number of locally served zones can be configured. # local-zone: # local-data: "" - # o deny serves local data (if any), else, drops queries. + # o deny serves local data (if any), else, drops queries. # o refuse serves local data (if any), else, replies with error. # o static serves local data, else, nxdomain or nodata answer. # o transparent gives local data, but resolves normally for other names @@ -611,7 +610,7 @@ server: # ratelimit-size: 4m # ratelimit cache slabs, reduces lock contention if equal to cpucount. # ratelimit-slabs: 4 - + # 0 blocks when ratelimited, otherwise let 1/xth traffic through # ratelimit-factor: 10 @@ -647,7 +646,7 @@ remote-control: # control-interface: ::1 # port number for remote control operations. - # control-port: 953 + # control-port: 8953 # unbound server key file. server-key-file: "/etc/unbound/unbound_server.key"
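Review bot: The documented default in the `@@ -647,7 +646,7 @@` hunk changes from 953 to 8953, but the comment above it does not say what that implies. Binding a port below 1024 normally requires privilege and binding 8953 does not, so the authenticity of the control channel rests entirely on the key and certificate files configured just below. I would extend the comment to something like `# port number for remote control operations (default 8953, unprivileged; the channel is authenticated by the key/cert files below)`. Local firewall rules or monitoring pinned to 953 would also need updating, if any exist. The remote-control clause starts outside the hunk, so whether control is enabled at all cannot be seen from here.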