Changeset 13422 in hybrid for branches/releng-10/nanobsd/files


Ignore:
Timestamp:
Oct 3, 2015, 11:14:30 PM (9 years ago)
Author:
rick
Message:

PoC unbound.conf for WL images

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/releng-10/nanobsd/files/var/unbound/unbound.conf

    r13268 r13422  
    33#
    44server:
     5  # daemon details
     6    username: unbound
     7    directory: /var/unbound
     8    chroot: /var/unbound
     9    pidfile: /var/run/local_unbound.pid
     10    auto-trust-anchor-file: /var/unbound/root.key
     11
    512  # log verbosity
    6     verbosity: 3
    7 
    8     use-syslog: no
     13    verbosity: 1
     14
     15  # logging location
     16    use-syslog: yes
    917
    1018  # specify the interfaces to answer queries from by ip-address.  The default
     
    1321  # 'interface:' labeled line.  The listen interfaces are not changed on
    1422  # reload, only on restart.
    15     interface: 127.0.0.1
    16     interface: 172.17.16.129
    17     interface: 172.17.65.1
    18     interface: 172.16.4.124
    19     interface: 172.16.4.28
    20     interface: 172.16.3.21
    21     interface: 172.16.3.85
    22     interface: 172.17.16.1
    23 
    24   #  interface: 0.0.0.0
     23    interface: 0.0.0.0
    2524
    2625  # port to answer queries from
     
    135134  # 'local-data' names are allowed to have these private addresses. No default.
    136135    private-address: 10.0.0.0/8
    137 #    private-address: 172.16.0.0/12
     136    private-address: 172.16.0.0/12
    138137    private-address: 10.0.0.0/16
    139138    private-address: 192.254.0.0/16
     
    141140  # Allow the domain (and its subdomains) to contain private addresses.
    142141  # local-data statements are allowed to contain private addresses too.
    143   private-domain: "wleiden.net"
     142    private-domain: "wleiden.net"
     143    private-domain: "172.in-addr.arpa"
    144144
    145145  # If nonzero, unwanted replies are not only reported in statistics, but also
     
    162162  # query the Google DNS servers you MUST comment out this option or all DNS
    163163  # queries will fail.
    164  
    165164    auto-trust-anchor-file: "/var/unbound/root.key"
    166165
     
    186185    local-data: "adserver.yahoo.com A 127.0.0.1"
    187186
    188 
    189 
    190187  # Unbound will not load if you specify the same local-zone and local-data
    191188  # servers in the main configuration as well as in this "include:" file. We
     
    195192
    196193  # locally served zones can be configured for the machines on the LAN.
    197 
    198   #  local-zone: "wleiden.net" static
    199   #  local-zone: "16.172.in-addr.arpa" transparent
     194    local-data: "welcome.wleiden.net 172.31.255.1"
    200195
    201196  # include: /var/unbound/local-data
    202 
    203 #    local-data: "cetim2.wleiden.net.  IN A 172.17.137.1"
    204 #    local-data: "vosko2.wleiden.net.  IN A 172.17.93.1"
    205 #    local-data: "sunny.wleiden.net.  IN A 172.16.4.46"
    206 #    local-data: "imi.wleiden.net.  IN A 172.17.24.1"
    207 #    local-data: "laptop.home.lan.    IN A 10.0.0.2"
    208 #    local-data: "xboxone.home.lan.   IN A 10.0.0.3"
    209 #    local-data: "ps4.home.lan.       IN A 10.0.0.4"
    210 #    local-data: "dhcp5.home.lan.     IN A 10.0.0.5"
    211 #    local-data: "dhcp6.home.lan.     IN A 10.0.0.6"
    212 #    local-data: "dhcp7.home.lan.     IN A 10.0.0.7"
    213 
    214 #    local-data-ptr: "172.17.137.1  cetim2.wleiden.net"
    215 #    local-data-ptr: "172.17.93.1  vosko2.wleiden.net"
    216 #    local-data-ptr: "172.16.4.46  sunny.wleiden.net"
    217 #    local-data-ptr: "172.17.24.1  imi.wleiden.net"
    218 #    local-data-ptr: "10.0.0.2  laptop.home.lan"
    219 #    local-data-ptr: "10.0.0.3  xboxone.home.lan"
    220 #    local-data-ptr: "10.0.0.4  ps4.home.lan"
    221 #    local-data-ptr: "10.0.0.5  dhcp5.home.lan"
    222 #    local-data-ptr: "10.0.0.6  dhcp6.home.lan"
    223 #    local-data-ptr: "10.0.0.7  dhcp7.home.lan"
    224 
     197     
    225198  # Unbound can query your NSD or BIND server for private domain queries too.
    226199  # On our NSD page we have NSD configured to serve the private domain,
     
    233206  #      name: "home.lan"
    234207  #      stub-addr: 10.0.0.111@53
    235 
    236 #
    237 # include: stub-zone ?????
    238 #
    239 
    240   private-domain: "wleiden.net"
    241   local-zone: "16.172.in-addr.arpa." nodefault
    242   local-zone: "17.172.in-addr.arpa." nodefault
    243   local-zone: "18.172.in-addr.arpa." nodefault
    244   local-zone: "19.172.in-addr.arpa." nodefault
    245   local-zone: "20.172.in-addr.arpa." nodefault
    246   local-zone: "21.172.in-addr.arpa." nodefault
    247   local-zone: "22.172.in-addr.arpa." nodefault
    248   local-zone: "23.172.in-addr.arpa." nodefault
    249   local-zone: "24.172.in-addr.arpa." nodefault
    250   local-zone: "25.172.in-addr.arpa." nodefault
    251   local-zone: "26.172.in-addr.arpa." nodefault
    252   local-zone: "27.172.in-addr.arpa." nodefault
    253   local-zone: "28.172.in-addr.arpa." nodefault
    254   local-zone: "29.172.in-addr.arpa." nodefault
    255   local-zone: "30.172.in-addr.arpa." nodefault
    256   local-zone: "31.172.in-addr.arpa." nodefault
    257208  stub-zone:
    258209     name: "wleiden.net"
     
    292243     stub-addr: 172.16.4.46
    293244  stub-zone:
    294     name: "27.172.in-addr.arpa."
    295      stub-addr: 172.16.4.46
    296   stub-zone:
    297     name: "28.172.in-addr.arpa."
     245     name: "27.172.in-addr.arpa."
     246     stub-addr: 172.16.4.46
     247  stub-zone:
     248     name: "28.172.in-addr.arpa."
    298249     stub-addr: 172.16.4.46
    299250  stub-zone:
     
    306257     name: "31.172.in-addr.arpa."
    307258     stub-addr: 172.16.4.46
     259
    308260  # If you have an internal or private DNS names the external DNS servers can
    309261  # not resolve, then you can assign domain name strings to be redirected to a
     
    330282  #     forward-addr: 4.2.2.4        # Level3 Verizon
    331283
    332 
    333284  include: /var/unbound/forward-zone
    334285
Note: See TracChangeset for help on using the changeset viewer.