Diffstat (limited to 'roles/space_server/files/unbound')
-rw-r--r--roles/space_server/files/unbound/unbound.conf142
1 files changed, 142 insertions, 0 deletions
diff --git a/roles/space_server/files/unbound/unbound.conf b/roles/space_server/files/unbound/unbound.conf
new file mode 100644
index 0000000..1679aea
--- /dev/null
+++ b/roles/space_server/files/unbound/unbound.conf
@@ -0,0 +1,142 @@
+server:
+ pidfile: "/run/unbound/unbound.pid"
+ verbosity: 1
+ statistics-interval: 0
+ statistics-cumulative: no
+ extended-statistics: yes
+ num-threads: 1
+
+ define-tag: "local"
+
+ interface: 127.0.0.1
+ interface: ::1
+ interface: 185.38.175.0
+ interface: 2a01:4260:1ab::
+
+ outgoing-interface: 185.38.175.0
+ outgoing-interface: 2a01:4260:1ab::
+ outgoing-port-permit: 32768-60999
+ outgoing-port-avoid: 0-32767
+
+ so-reuseport: yes
+ ip-transparent: yes
+ max-udp-size: 3072
+
+ access-control-tag: 127.0.0.1/32 "local"
+ access-control-tag: ::1/128 "local"
+
+ access-control: 185.38.175.0/24 allow
+ access-control: 10.42.0.0/16 allow
+ access-control-tag: 10.42.0.0/24 "local"
+ access-control-tag: 10.42.1.0/24 "local"
+ access-control-tag: 10.42.2.0/24 "local"
+ # not free wifi 10.42.3.0/24
+ access-control-tag: 10.42.4.0/24 "local"
+ access-control-tag: 10.42.5.0/24 "local"
+ access-control: 2a01:4260:1ab::/48 allow
+ access-control-tag: 2a01:4260:1ab:a::/64 "local"
+ access-control-tag: 2a01:4260:1ab:b::/64 "local"
+ access-control-tag: 2a01:4260:1ab:c::/64 "local"
+ # not free wifi 2a01:4260:1ab:d::/64
+ access-control-tag: 2a01:4260:1ab:e::/64 "local"
+ access-control-tag: 2a01:4260:1ab:f::/64 "local"
+
+ chroot: ""
+ username: "unbound"
+ directory: "/etc/unbound"
+
+ use-syslog: yes
+ log-time-ascii: yes
+
+ harden-glue: yes
+ harden-dnssec-stripped: yes
+ harden-below-nxdomain: yes
+ harden-referral-path: yes
+ qname-minimisation: yes
+
+ prefetch: yes
+ prefetch-key: yes
+ rrset-roundrobin: yes
+ minimal-responses: yes
+
+ module-config: "validator iterator"
+
+ trust-anchor-signaling: yes
+
+ trusted-keys-file: /etc/unbound/keys.d/*.key
+ auto-trust-anchor-file: "/var/lib/unbound/root.key"
+
+ val-clean-additional: yes
+ val-permissive-mode: no
+ serve-expired: yes
+ val-log-level: 1
+
+ local-zone: a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+ local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+ local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+ local-zone: s. static
+ local-zone-tag: s. "local"
+ local-data: "s. IN SOA space.labitat.dk. esmil.labitat.dk. 20171119 3600 1200 604800 10800"
+ local-data: "s. IN NS space.labitat.dk."
+ local-data: "s. IN A 10.42.1.1"
+ local-data: "s. IN AAAA 2a01:4260:1ab::"
+ local-data: "labitrack.s. IN A 185.38.175.70"
+ local-data: "labitrack.s. IN AAAA 2a01:4260:1ab::cafe"
+ local-data: "track.s. IN A 185.38.175.70"
+ local-data: "track.s. IN AAAA 2a01:4260:1ab::cafe"
+ local-data: "ap.s. IN A 10.42.0.2"
+ local-data-ptr: "10.42.0.2 ap.s."
+ local-data: "doorputer.s. IN A 10.42.0.3"
+ local-data-ptr: "10.42.0.3 doorputer.s."
+ local-data: "foodputer.s. IN A 10.42.0.4"
+ local-data-ptr: "10.42.0.4 foodputer.s."
+ local-data: "ap1.s. IN A 10.42.0.5"
+ local-data-ptr: "10.42.0.5 ap1.s."
+ local-data: "ap2.s. IN A 10.42.0.6"
+ local-data-ptr: "10.42.0.6 ap2.s."
+ local-data: "switch.s. IN A 10.42.0.9"
+ local-data-ptr: "10.42.0.9 switch.s."
+ local-data: "lathe.s. IN A 10.42.0.12"
+ local-data-ptr: "10.42.0.12 lathe.s."
+ local-data: "anna.s. IN A 10.42.1.9"
+ local-data-ptr: "10.42.1.9 anna.s."
+ local-data: "printbrother.s. IN A 10.42.1.32"
+ local-data-ptr: "10.42.1.32 printbrother.s."
+ local-data: "infotron.s. IN A 10.42.1.34"
+ local-data-ptr: "10.42.1.34 infotron.s."
+ local-data: "spacemon.s. IN A 10.42.1.35"
+ local-data-ptr: "10.42.1.35 spacemon.s."
+ local-data: "jumbotron.s. IN A 10.42.1.36"
+ local-data-ptr: "10.42.1.36 jumbotron.s."
+ local-data: "hplaserjet.s. IN A 10.42.1.37"
+ local-data-ptr: "10.42.1.37 hplaserjet.s."
+ local-data: "labisound.s. IN A 10.42.1.40"
+ local-data-ptr: "10.42.1.40 labisound.s."
+ local-data: "sound.s. IN A 10.42.1.80"
+ local-data-ptr: "10.42.1.80 sound.s."
+
+remote-control:
+ control-enable: yes
+ control-use-cert: no
+ control-interface: "/run/unbound/control"
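Review bot: The `local-data-ptr` entries at the end of the `server:` clause are not covered by the "local" tag, so the split that the `# not free wifi` comments set up for `s.` does not appear to extend to reverse lookups. Only `s.` gets a `local-zone-tag`; the PTR records sit under whatever in-addr.arpa zone covers 10.42.0.0/16, which carries no tag in this file, and `access-control: 10.42.0.0/16 allow` admits 10.42.3.0/24, so those clients can presumably still recover names such as `doorputer.s.` from an address. If that is not intended, declaring the reverse zone and tagging it, for example `local-zone: 42.10.in-addr.arpa. static` with `local-zone-tag: 42.10.in-addr.arpa. "local"`, would keep the two views consistent. Separately, the `remote-control:` clause sets `control-use-cert: no` on a unix socket, so the ownership and mode of `/run/unbound/control` are the only access check; a comment such as `# control socket: access is by file permission only, keep /run/unbound restricted to root and unbound` would make that explicit.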