example.conf - OpenGrok cross reference for /freebsd/contrib/unbound/doc/example.conf

Deleted Added

sdiffudifftextold (5a2b666c..)new (b75612f8..)

example.conf (5a2b666ce590a56f147e167aa07684af2d6b854a)	example.conf (b75612f8e7445139aa2b10038feab06da4b45cc1)
1# 2# Example configuration file. 3#	1# 2# Example configuration file. 3#
4# See unbound.conf(5) man page, version 1.5.4.	4# See unbound.conf(5) man page, version 1.5.5.
5# 6# this is a comment. 7 8#Use this to include other text into the file. 9#include: "otherfile.conf" 10 11# The server clause sets the main parameters. 12server: --- 276 unchanged lines hidden (view full) --- 289 # infrastructure data. Validates the replies (if possible). 290 # Default off, because the lookups burden the server. Experimental 291 # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. 292 # harden-referral-path: no 293 294 # Harden against algorithm downgrade when multiple algorithms are 295 # advertised in the DS record. If no, allows the weakest algorithm 296 # to validate the zone.	5# 6# this is a comment. 7 8#Use this to include other text into the file. 9#include: "otherfile.conf" 10 11# The server clause sets the main parameters. 12server: --- 276 unchanged lines hidden (view full) --- 289 # infrastructure data. Validates the replies (if possible). 290 # Default off, because the lookups burden the server. Experimental 291 # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. 292 # harden-referral-path: no 293 294 # Harden against algorithm downgrade when multiple algorithms are 295 # advertised in the DS record. If no, allows the weakest algorithm 296 # to validate the zone.
297 # harden-algo-downgrade: yes	297 # harden-algo-downgrade: no
298 299 # Use 0x20-encoded random bits in the query to foil spoof attempts. 300 # This feature is an experimental implementation of draft dns-0x20. 301 # use-caps-for-id: no 302 303 # Domains (and domains in them) without support for dns-0x20 and 304 # the fallback fails because they keep sending different answers. 305 # caps-whitelist: "licdn.com" --- 133 unchanged lines hidden (view full) --- 439 440 # instruct the auto-trust-anchor-file probing to del anchors after ttl. 441 # del-holddown: 2592000 # 30 days 442 443 # auto-trust-anchor-file probing removes missing anchors after ttl. 444 # If the value 0 is given, missing anchors are not removed. 445 # keep-missing: 31622400 # 366 days 446	298 299 # Use 0x20-encoded random bits in the query to foil spoof attempts. 300 # This feature is an experimental implementation of draft dns-0x20. 301 # use-caps-for-id: no 302 303 # Domains (and domains in them) without support for dns-0x20 and 304 # the fallback fails because they keep sending different answers. 305 # caps-whitelist: "licdn.com" --- 133 unchanged lines hidden (view full) --- 439 440 # instruct the auto-trust-anchor-file probing to del anchors after ttl. 441 # del-holddown: 2592000 # 30 days 442 443 # auto-trust-anchor-file probing removes missing anchors after ttl. 444 # If the value 0 is given, missing anchors are not removed. 445 # keep-missing: 31622400 # 366 days 446
	447 # debug option that allows very small holddown times for key rollover 448 # permit-small-holddown: no 449
447 # the amount of memory to use for the key cache. 448 # plain value in bytes or you can append k, m or G. default is "4Mb". 449 # key-cache-size: 4m 450 451 # the number of slabs to use for the key cache. 452 # the number of slabs must be a power of 2. 453 # more slabs reduce lock contention, but fragment memory usage. 454 # key-cache-slabs: 4 --- 163 unchanged lines hidden (view full) --- 618 # control-cert-file: "/var/unbound/unbound_control.pem" 619 620# Stub zones. 621# Create entries like below, to make all queries for 'example.com' and 622# 'example.org' go to the given list of nameservers. list zero or more 623# nameservers by hostname or by ipaddress. If you set stub-prime to yes, 624# the list is treated as priming hints (default is no). 625# With stub-first yes, it attempts without the stub if it fails.	450 # the amount of memory to use for the key cache. 451 # plain value in bytes or you can append k, m or G. default is "4Mb". 452 # key-cache-size: 4m 453 454 # the number of slabs to use for the key cache. 455 # the number of slabs must be a power of 2. 456 # more slabs reduce lock contention, but fragment memory usage. 457 # key-cache-slabs: 4 --- 163 unchanged lines hidden (view full) --- 621 # control-cert-file: "/var/unbound/unbound_control.pem" 622 623# Stub zones. 624# Create entries like below, to make all queries for 'example.com' and 625# 'example.org' go to the given list of nameservers. list zero or more 626# nameservers by hostname or by ipaddress. If you set stub-prime to yes, 627# the list is treated as priming hints (default is no). 628# With stub-first yes, it attempts without the stub if it fails.
	629# Consider adding domain-insecure: name and local-zone: name nodefault 630# to the server: section if the stub is a locally served zone.
626# stub-zone: 627# name: "example.com" 628# stub-addr: 192.0.2.68 629# stub-prime: no 630# stub-first: no 631# stub-zone: 632# name: "example.org" 633# stub-host: ns.example.com. --- 15 unchanged lines hidden ---	631# stub-zone: 632# name: "example.com" 633# stub-addr: 192.0.2.68 634# stub-prime: no 635# stub-first: no 636# stub-zone: 637# name: "example.org" 638# stub-host: ns.example.com. --- 15 unchanged lines hidden ---