forked from ISTI-ansible-roles/ansible-roles
53 lines
1.3 KiB
YAML
53 lines
1.3 KiB
YAML
---
|
|
unbound_pkgs:
|
|
- unbound
|
|
- unbound-anchor
|
|
- unbound-host
|
|
- dnsutils
|
|
|
|
unbound_interfaces:
|
|
- '0.0.0.0'
|
|
- '::0'
|
|
|
|
unbound_allowed_clients:
|
|
- { cidr: '0.0.0.0/0', policy: 'allow' }
|
|
|
|
unbound_prefetch: 'yes'
|
|
unbound_verbosity: 1
|
|
unbound_threads: '{{ ansible_processor_count }}'
|
|
|
|
unbound_remote_control: 'yes'
|
|
unbound_remote_IP: '127.0.0.1'
|
|
|
|
unbound_rrset_cache_size: 100m
|
|
unbound_rrset_msg_cache_size: 50m
|
|
# Larger socket buffer. OS may need config.
|
|
unbound_so_rcvbuf: 4m
|
|
unbound_so_sndbuf: 4m
|
|
# Faster UDP with multithreading (only on Linux).
|
|
unbound_so_reuseport: 'yes'
|
|
# with libevent
|
|
unbound_num_queries_per_thread: 4096
|
|
|
|
unbound_max_negative_ttl: 3600
|
|
|
|
unbound_hide_identity: 'yes'
|
|
unbound_hide_version: 'yes'
|
|
unbound_qname_minimisation: 'no'
|
|
unbound_val_clean_additional: 'yes'
|
|
# The following is experimental
|
|
unbound_use_caps_for_id: 'no'
|
|
unbound_unwanted_reply_threshold: '10000000'
|
|
unbound_do_not_query_localhost: 'no'
|
|
unbound_rrset_roundrobin: 'yes'
|
|
unbound_unblock_lan_zones: 'no'
|
|
unbound_do_ipv6: 'yes'
|
|
|
|
unbound_private_addresses: []
|
|
unbound_private_domains: []
|
|
# Stub zones
|
|
# One of stub_host or stub_addr must be defined
|
|
# stub_prime and stub_first are both optional, default 'yes'
|
|
#unbound_stub_zones:
|
|
# - { name: '', stub_addr: '', stub_host: '', stub_prime: '', stub_first: '' }
|