82 lines
2.7 KiB
Plaintext
82 lines
2.7 KiB
Plaintext
server:
|
|
{% for interface in unbound_interfaces %}
|
|
interface: {{ interface }}
|
|
{% endfor %}
|
|
{% if keepalived_install is defined and keepalived_install %}
|
|
ip-transparent: yes
|
|
{% endif %}
|
|
interface-automatic: yes
|
|
{% for net in unbound_allowed_clients %}
|
|
access-control: {{ net.cidr }} {{ net.policy }}
|
|
{% endfor %}
|
|
verbosity: {{ unbound_verbosity }}
|
|
# use all CPUs
|
|
num-threads: {{ unbound_threads }}
|
|
prefetch: {{ unbound_prefetch }}
|
|
|
|
# power of 2 close to num-threads
|
|
msg-cache-slabs: {{ unbound_threads }}
|
|
rrset-cache-slabs: {{ unbound_threads }}
|
|
infra-cache-slabs: {{ unbound_threads }}
|
|
key-cache-slabs: {{ unbound_threads }}
|
|
|
|
# more cache memory, rrset=msg*2
|
|
rrset-cache-size: {{ unbound_rrset_cache_size }}
|
|
msg-cache-size: {{ unbound_rrset_msg_cache_size }}
|
|
|
|
# more outgoing connections
|
|
# depends on number of cores: 1024/cores - 50
|
|
outgoing-range: {{ 1024 * unbound_threads - 50 }}
|
|
|
|
# Larger socket buffer. OS may need config.
|
|
so-rcvbuf: {{ unbound_so_rcvbuf }}
|
|
so-sndbuf: {{ unbound_so_sndbuf }}
|
|
|
|
# Negative TTL
|
|
cache-max-negative-ttl: {{ unbound_max_negative_ttl }}
|
|
|
|
# Faster UDP with multithreading (only on Linux).
|
|
so-reuseport: {{ unbound_so_reuseport }}
|
|
# with libevent
|
|
num-queries-per-thread: {{ unbound_num_queries_per_thread }}
|
|
hide-identity: {{ unbound_hide_identity }}
|
|
hide-version: {{ unbound_hide_version }}
|
|
qname-minimisation: {{ unbound_qname_minimisation }}
|
|
# The following is experimental
|
|
use-caps-for-id: {{ unbound_use_caps_for_id }}
|
|
unwanted-reply-threshold: {{ unbound_unwanted_reply_threshold }}
|
|
do-not-query-localhost: {{ unbound_do_not_query_localhost }}
|
|
rrset-roundrobin: {{ unbound_rrset_roundrobin }}
|
|
val-clean-additional: {{ unbound_val_clean_additional }}
|
|
unblock-lan-zones: {{ unbound_unblock_lan_zones }}
|
|
do-ip6: {{ unbound_do_ipv6 }}
|
|
#
|
|
{% if ansible_service_mgr == 'systemd' %}
|
|
use-systemd: yes
|
|
do-daemonize: no
|
|
{% endif %}
|
|
|
|
{% for cidr in unbound_private_addresses %}
|
|
private-address: {{ cidr }}
|
|
{% endfor %}
|
|
{% for dom in unbound_private_domains %}
|
|
private-domain: {{ dom }}
|
|
{% endfor %}
|
|
|
|
{% if unbound_stub_zones is defined %}
|
|
{% for zone in unbound_stub_zones %}
|
|
stub-zone:
|
|
name: {{ zone.name }}
|
|
{% if zone.stub_host is defined %}
|
|
stub-host: {{ zone.stub_host }}
|
|
{% endif %}
|
|
{% if zone.stub_addr is defined %}
|
|
stub-addr: {{ zone.stub_addr }}
|
|
{% endif %}
|
|
stub-prime: {{ zone.stub_prime | default('no') }}
|
|
stub-first: {{ zone.stub_first | default('yes') }}
|
|
|
|
{% endfor %}
|
|
{% endif %}
|
|
|