# $OpenBSD: unbound.conf,v 1.1 2014/03/15 00:34:18 sthen Exp $ server: interface: 127.0.0.1 #interface: 127.0.0.1@5353 # listen on alternative port interface: ::1 #do-ip6: no access-control: 0.0.0.0/0 refuse access-control: 127.0.0.0/8 allow access-control: ::0/0 refuse access-control: ::1 allow hide-identity: yes hide-version: yes # Enable DNSSEC validation. Fetch a root key with unbound-anchor(8). # #module-config: "validator iterator" #auto-trust-anchor-file: "/var/unbound/etc/root.key" # Serve zones authoritatively from Unbound to resolver clients. # Not for external service. Note use of "nodefault" for AS112 zones, # i.e. reverse lookup zones for RFC1918 and similar addresses. # #local-zone: "local." static #local-data: "mycomputer.local. IN A 192.0.2.51" #local-zone: "2.0.192.in-addr.arpa." static nodefault #local-data-ptr: "192.0.2.51 mycomputer.local" # UDP EDNS reassembly buffer advertised to peers. Default 4096. # May need lowering on broken networks with fragmentation/MTU issues, # particularly if validating DNSSEC. # #edns-buffer-size: 1480 # Use TCP for "forward-zone" requests. Useful if you are making # DNS requests over an SSH port forwarding. # #tcp-upstream: yes # Use an upstream forwarder (recursive resolver) for specific zones. # Example addresses given below are public resolvers valid as of 2014/03. # #forward-zone: # name: "." # use for ALL queries # forward-addr: 74.82.42.42 # he.net # forward-addr: 2001:470:20::2 # he.net v6 # forward-addr: 8.8.8.8 # google.com # forward-addr: 2001:4860:4860::8888 # google.com v6 # forward-addr: 208.67.222.222 # opendns.com # forward-first: yes # try direct if forwarder fails