Update 'Config/Unbound/pi-hole.conf'
Added multiple comments to sections explaining their purpose. Added private IPv6 range. Added max queries per sec. Added extra privacy measures. Added caching with prefetch.
parent
23e42f5f0f
commit
46924deb99
@ -3,6 +3,11 @@ server:
|
|||||||
# logfile: "/var/log/unbound/unbound.log"
|
# logfile: "/var/log/unbound/unbound.log"
|
||||||
verbosity: 0
|
verbosity: 0
|
||||||
interface: 127.0.0.1
|
interface: 127.0.0.1
|
||||||
|
|
||||||
|
# A single thread is pretty sufficient for home or small office instances.
|
||||||
|
num-threads: 1
|
||||||
|
|
||||||
|
# Define protocols for connections to and from Unbound.
|
||||||
port: 5335
|
port: 5335
|
||||||
do-ip4: yes
|
do-ip4: yes
|
||||||
do-udp: yes
|
do-udp: yes
|
||||||
@ -10,17 +15,44 @@ server:
|
|||||||
do-ip6: no
|
do-ip6: no
|
||||||
prefer-ip6: no
|
prefer-ip6: no
|
||||||
|
|
||||||
harden-glue: yes
|
# Private IP ranges, which shall never be returned or forwarded as public DNS response.
|
||||||
harden-dnssec-stripped: yes
|
private-address: 10.0.0.0/8
|
||||||
use-caps-for-id: no
|
|
||||||
edns-buffer-size: 1472
|
|
||||||
prefetch: yes
|
|
||||||
num-threads: 1
|
|
||||||
so-rcvbuf: 1m
|
|
||||||
|
|
||||||
private-address: 192.168.0.0/16
|
|
||||||
private-address: 169.254.0.0/16
|
private-address: 169.254.0.0/16
|
||||||
private-address: 172.16.0.0/12
|
private-address: 172.16.0.0/12
|
||||||
private-address: 10.0.0.0/8
|
private-address: 192.168.0.0/16
|
||||||
private-address: fd00::/8
|
private-address: fd00::/8
|
||||||
private-address: fe80::/10
|
private-address: fe80::/10
|
||||||
|
|
||||||
|
# Maximum number of queries per second
|
||||||
|
ratelimit: 1000
|
||||||
|
|
||||||
|
# Defend against and print warning when reaching unwanted reply limit.
|
||||||
|
unwanted-reply-threshold: 10000
|
||||||
|
|
||||||
|
# Set EDNS reassembly buffer size to match new upstream default, as of DNS Flag Day 2020 recommendation.
|
||||||
|
edns-buffer-size: 1232
|
||||||
|
|
||||||
|
# Hardening
|
||||||
|
harden-glue: yes
|
||||||
|
harden-dnssec-stripped: yes
|
||||||
|
harden-algo-downgrade: yes
|
||||||
|
harden-large-queries: yes
|
||||||
|
harden-short-bufsize: yes
|
||||||
|
|
||||||
|
# Privacy
|
||||||
|
use-caps-for-id: yes
|
||||||
|
rrset-roundrobin: yes
|
||||||
|
|
||||||
|
# Increase incoming and outgoing query buffer size to cover traffic peaks.
|
||||||
|
so-rcvbuf: 4m
|
||||||
|
so-sndbuf: 4m
|
||||||
|
|
||||||
|
# Caching
|
||||||
|
cache-min-ttl: 300
|
||||||
|
cache-max-ttl: 86400
|
||||||
|
serve-expired: yes
|
||||||
|
neg-cache-size: 4M
|
||||||
|
prefetch: yes
|
||||||
|
prefetch-key: yes
|
||||||
|
msg-cache-size: 50m
|
||||||
|
rrset-cache-size: 100m
|
||||||
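Review bot: `use-caps-for-id` goes from `no` to `yes` under the `# Privacy` heading in the second hunk, but 0x20 case randomisation is a defence against spoofed answers rather than a privacy feature, and `rrset-roundrobin` only rotates record order; the flip can also make lookups fail against authoritative servers that do not echo the query's case, so it deserves its own comment such as `# 0x20 anti-spoofing; set back to no if some domains stop resolving`. If privacy is the aim, `qname-minimisation: yes`, `hide-identity: yes` and `hide-version: yes` are the options that reduce what the resolver discloses. The comment `# Maximum number of queries per second` misdescribes `ratelimit`, which caps the queries Unbound sends towards the nameservers of a zone, not the queries it accepts from clients (that is `ip-ratelimit`). `serve-expired: yes` together with `cache-min-ttl: 300` means clients can receive records past the TTL the zone owner published; adding `serve-expired-ttl: 86400` would bound how stale an answer may get, since the default limit appears to differ between Unbound versions.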