summaryrefslogtreecommitdiff
path: root/etc/unbound.conf
AgeCommit message (Collapse)Author
2016-03-30add "outgoing-interface" to sample unbound.confStuart Henderson
2015-12-15add commented-out unbound.conf entries for dns64 (sitting in my tree and ok'dStuart Henderson
some time ago by phessler and IIRC also mikeb), and for qname-minimisation
2015-07-19change default unbound config to enable the control socket, without usingStuart Henderson
keys/certificates for auth. ok florian@
2014-04-02Fix syntax error in commented out local-zone entry. OK sthen@Todd C. Miller
2014-03-23Remove commented-out module-config line, it is already set to "validatorStuart Henderson
iterator" by default. Pointed out by Patrik Lundin.
2014-03-21Install a /var/unbound/db directory, writable by the _unbound daemon,Stuart Henderson
and use it as the default location for the DNSSEC root key. Update default config for this location. With this, the only step required to enable DNSSEC validation is to uncomment these default config entries and restart: #module-config: "validator iterator" #auto-trust-anchor-file: "/var/unbound/db/root.key" There is no longer a requirement to run unbound-anchor manually to update the root key. The rc.d script will take care of updates at boot, and Unbound will manage the file itself at runtime. Test with "dig test.dnssec-or-not.net txt @127.0.0.1" or similar.
2014-03-15Add a new sample config file and rc.d script for unbound, ok deraadt@Stuart Henderson