blob: d2d3aed292aad67499bfdd2c9c9010d0cb520f27 (
plain) (
tree)
|
|
server:
pidfile: "/run/unbound/unbound.pid"
verbosity: 1
statistics-interval: 0
statistics-cumulative: no
extended-statistics: yes
num-threads: 1
define-tag: "local"
interface: 127.0.0.1
interface: ::1
interface: 185.38.175.0
interface: 2a01:4260:1ab::
outgoing-interface: 185.38.175.0
outgoing-interface: 2a01:4260:1ab::
outgoing-port-permit: 32768-60999
outgoing-port-avoid: 0-32767
so-reuseport: yes
ip-transparent: yes
max-udp-size: 3072
access-control-tag: 127.0.0.1/32 "local"
access-control-tag: ::1/128 "local"
access-control: 185.38.175.0/24 allow
access-control: 10.42.0.0/16 allow
access-control-tag: 10.42.0.0/24 "local"
access-control-tag: 10.42.1.0/24 "local"
access-control-tag: 10.42.2.0/24 "local"
# not free wifi 10.42.3.0/24
access-control-tag: 10.42.4.0/24 "local"
access-control-tag: 10.42.5.0/24 "local"
access-control: 2a01:4260:1ab::/48 allow
access-control-tag: 2a01:4260:1ab:a::/64 "local"
access-control-tag: 2a01:4260:1ab:b::/64 "local"
access-control-tag: 2a01:4260:1ab:c::/64 "local"
# not free wifi 2a01:4260:1ab:d::/64
access-control-tag: 2a01:4260:1ab:e::/64 "local"
access-control-tag: 2a01:4260:1ab:f::/64 "local"
chroot: ""
username: "unbound"
directory: "/etc/unbound"
use-syslog: yes
log-time-ascii: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
qname-minimisation: yes
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
module-config: "validator iterator"
trust-anchor-signaling: yes
trusted-keys-file: /etc/unbound/keys.d/*.key
auto-trust-anchor-file: "/var/lib/unbound/root.key"
val-clean-additional: yes
val-permissive-mode: no
serve-expired: yes
val-log-level: 1
local-zone: a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
local-zone: b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
local-zone: c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
local-zone: d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
local-zone: e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
local-zone: f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
local-zone: s. static
local-zone-tag: s. "local"
local-data: "s. IN SOA space.labitat.dk. esmil.labitat.dk. 20171119 3600 1200 604800 10800"
local-data: "s. IN NS space.labitat.dk."
local-data: "s. IN A 10.42.1.1"
local-data: "s. IN AAAA 2a01:4260:1ab::"
local-data: "labitrack.s. IN A 185.38.175.70"
local-data: "labitrack.s. IN AAAA 2a01:4260:1ab::cafe"
local-data: "track.s. IN A 185.38.175.70"
local-data: "track.s. IN AAAA 2a01:4260:1ab::cafe"
{% for host in local_hosts %}
{% for ip in host.ips | ipv4 %}
{% if loop.index <= 1 %}
local-data: "{{ host.name }}.s. IN A {{ ip }}"
local-data-ptr: "{{ ip }} {{ host.name }}.s."
{% endif %}
{% endfor %}
{% for ip in host.ips | ipv6 %}
{% if loop.index <= 1 %}
local-data: "{{ host.name }}.s. IN AAAA {{ ip }}"
local-data-ptr: "{{ ip }} {{ host.name }}.s."
{% endif %}
{% endfor %}
{% endfor %}
remote-control:
control-enable: yes
control-use-cert: no
control-interface: "/run/unbound/control"
|