Index: branches/releng-10/nanobsd/files/var/unbound/unbound.conf =================================================================== --- branches/releng-10/nanobsd/files/var/unbound/unbound.conf (revision 13417) +++ branches/releng-10/nanobsd/files/var/unbound/unbound.conf (revision 13422) @@ -3,8 +3,16 @@ # server: + # daemon details + username: unbound + directory: /var/unbound + chroot: /var/unbound + pidfile: /var/run/local_unbound.pid + auto-trust-anchor-file: /var/unbound/root.key + # log verbosity - verbosity: 3 - - use-syslog: no + verbosity: 1 + + # logging location + use-syslog: yes # specify the interfaces to answer queries from by ip-address. The default @@ -13,14 +21,5 @@ # 'interface:' labeled line. The listen interfaces are not changed on # reload, only on restart. - interface: 127.0.0.1 - interface: 172.17.16.129 - interface: 172.17.65.1 - interface: 172.16.4.124 - interface: 172.16.4.28 - interface: 172.16.3.21 - interface: 172.16.3.85 - interface: 172.17.16.1 - - # interface: 0.0.0.0 + interface: 0.0.0.0 # port to answer queries from @@ -135,5 +134,5 @@ # 'local-data' names are allowed to have these private addresses. No default. private-address: 10.0.0.0/8 -# private-address: 172.16.0.0/12 + private-address: 172.16.0.0/12 private-address: 10.0.0.0/16 private-address: 192.254.0.0/16 @@ -141,5 +140,6 @@ # Allow the domain (and its subdomains) to contain private addresses. # local-data statements are allowed to contain private addresses too. - private-domain: "wleiden.net" + private-domain: "wleiden.net" + private-domain: "172.in-addr.arpa" # If nonzero, unwanted replies are not only reported in statistics, but also @@ -162,5 +162,4 @@ # query the Google DNS servers you MUST comment out this option or all DNS # queries will fail. - auto-trust-anchor-file: "/var/unbound/root.key" @@ -186,6 +185,4 @@ local-data: "adserver.yahoo.com A 127.0.0.1" - - # Unbound will not load if you specify the same local-zone and local-data # servers in the main configuration as well as in this "include:" file. We @@ -195,32 +192,8 @@ # locally served zones can be configured for the machines on the LAN. - - # local-zone: "wleiden.net" static - # local-zone: "16.172.in-addr.arpa" transparent + local-data: "welcome.wleiden.net 172.31.255.1" # include: /var/unbound/local-data - -# local-data: "cetim2.wleiden.net. IN A 172.17.137.1" -# local-data: "vosko2.wleiden.net. IN A 172.17.93.1" -# local-data: "sunny.wleiden.net. IN A 172.16.4.46" -# local-data: "imi.wleiden.net. IN A 172.17.24.1" -# local-data: "laptop.home.lan. IN A 10.0.0.2" -# local-data: "xboxone.home.lan. IN A 10.0.0.3" -# local-data: "ps4.home.lan. IN A 10.0.0.4" -# local-data: "dhcp5.home.lan. IN A 10.0.0.5" -# local-data: "dhcp6.home.lan. IN A 10.0.0.6" -# local-data: "dhcp7.home.lan. IN A 10.0.0.7" - -# local-data-ptr: "172.17.137.1 cetim2.wleiden.net" -# local-data-ptr: "172.17.93.1 vosko2.wleiden.net" -# local-data-ptr: "172.16.4.46 sunny.wleiden.net" -# local-data-ptr: "172.17.24.1 imi.wleiden.net" -# local-data-ptr: "10.0.0.2 laptop.home.lan" -# local-data-ptr: "10.0.0.3 xboxone.home.lan" -# local-data-ptr: "10.0.0.4 ps4.home.lan" -# local-data-ptr: "10.0.0.5 dhcp5.home.lan" -# local-data-ptr: "10.0.0.6 dhcp6.home.lan" -# local-data-ptr: "10.0.0.7 dhcp7.home.lan" - + # Unbound can query your NSD or BIND server for private domain queries too. # On our NSD page we have NSD configured to serve the private domain, @@ -233,26 +206,4 @@ # name: "home.lan" # stub-addr: 10.0.0.111@53 - -# -# include: stub-zone ????? -# - - private-domain: "wleiden.net" - local-zone: "16.172.in-addr.arpa." nodefault - local-zone: "17.172.in-addr.arpa." nodefault - local-zone: "18.172.in-addr.arpa." nodefault - local-zone: "19.172.in-addr.arpa." nodefault - local-zone: "20.172.in-addr.arpa." nodefault - local-zone: "21.172.in-addr.arpa." nodefault - local-zone: "22.172.in-addr.arpa." nodefault - local-zone: "23.172.in-addr.arpa." nodefault - local-zone: "24.172.in-addr.arpa." nodefault - local-zone: "25.172.in-addr.arpa." nodefault - local-zone: "26.172.in-addr.arpa." nodefault - local-zone: "27.172.in-addr.arpa." nodefault - local-zone: "28.172.in-addr.arpa." nodefault - local-zone: "29.172.in-addr.arpa." nodefault - local-zone: "30.172.in-addr.arpa." nodefault - local-zone: "31.172.in-addr.arpa." nodefault stub-zone: name: "wleiden.net" @@ -292,8 +243,8 @@ stub-addr: 172.16.4.46 stub-zone: - name: "27.172.in-addr.arpa." - stub-addr: 172.16.4.46 - stub-zone: - name: "28.172.in-addr.arpa." + name: "27.172.in-addr.arpa." + stub-addr: 172.16.4.46 + stub-zone: + name: "28.172.in-addr.arpa." stub-addr: 172.16.4.46 stub-zone: @@ -306,4 +257,5 @@ name: "31.172.in-addr.arpa." stub-addr: 172.16.4.46 + # If you have an internal or private DNS names the external DNS servers can # not resolve, then you can assign domain name strings to be redirected to a @@ -330,5 +282,4 @@ # forward-addr: 4.2.2.4 # Level3 Verizon - include: /var/unbound/forward-zone