mailinabox/conf/unbound.conf

server:
      # the working directory.
      directory: "/etc/unbound"

      # run as the unbound user
      username: unbound

      verbosity: 0      # uncomment and increase to get more logging.
      # logfile: "/var/log/unbound.log" # won't work due to apparmor
      # use-syslog: no

      # By default listen only to localhost
      #interface: ::1
      #interface: 127.0.0.1
      port: 53

      # Only allow localhost to use this Unbound instance.
      access-control: 127.0.0.1/8 allow
      access-control: ::1/128 allow

      # Functionality
      do-ip4: yes
      do-ip6: yes
      do-udp: yes
      do-tcp: yes

      # Performance
      num-threads: 2
      cache-min-ttl: 300
      cache-max-ttl: 86400
      serve-expired: yes
      neg-cache-size: 4M
      msg-cache-size: 50m
      rrset-cache-size: 100m

      so-reuseport: yes
      so-rcvbuf: 4m
      so-sndbuf: 4m

      # Privacy / hardening
      # hide server info from clients
      hide-identity: yes
      hide-version: yes
      harden-glue: yes
      harden-dnssec-stripped: yes
      harden-algo-downgrade: yes
      harden-large-queries: yes
      harden-short-bufsize: yes

      rrset-roundrobin: yes
      minimal-responses: yes
      identity: "Server" #

remote-control:
      control-enable: yes
      control-port: 953
initial changes to use unbound as local dns resolver instead of bind 2022-03-20 19:57:19 +00:00			`server:`
			`# the working directory.`
			`directory: "/etc/unbound"`

			`# run as the unbound user`
			`username: unbound`

			`verbosity: 0 # uncomment and increase to get more logging.`
			`# logfile: "/var/log/unbound.log" # won't work due to apparmor`
			`# use-syslog: no`

			`# By default listen only to localhost`
			`#interface: ::1`
			`#interface: 127.0.0.1`
			`port: 53`

			`# Only allow localhost to use this Unbound instance.`
			`access-control: 127.0.0.1/8 allow`
			`access-control: ::1/128 allow`

			`# Functionality`
			`do-ip4: yes`
			`do-ip6: yes`
			`do-udp: yes`
			`do-tcp: yes`

			`# Performance`
			`num-threads: 2`
			`cache-min-ttl: 300`
			`cache-max-ttl: 86400`
			`serve-expired: yes`
			`neg-cache-size: 4M`
			`msg-cache-size: 50m`
			`rrset-cache-size: 100m`

			`so-reuseport: yes`
			`so-rcvbuf: 4m`
			`so-sndbuf: 4m`

			`# Privacy / hardening`
			`# hide server info from clients`
			`hide-identity: yes`
			`hide-version: yes`
			`harden-glue: yes`
			`harden-dnssec-stripped: yes`
			`harden-algo-downgrade: yes`
			`harden-large-queries: yes`
			`harden-short-bufsize: yes`

			`rrset-roundrobin: yes`
			`minimal-responses: yes`
			`identity: "Server" #`

			`remote-control:`
			`control-enable: yes`
			`control-port: 953`