Adding configuration file of unbound, dnsdist and chrony

etc/unbound/unbound.conf

@@ -0,0 +1,99 @@
+# /etc/unbound/unbound.conf : unbound conf. file for cantal
+#
+# Last edition : 2025-07-06
+# Last editor : @Campanu
+#
+
+server:
+	# Modules
+	module-config: "validator iterator"
+	
+	# General
+	## Run as daemon
+	do-daemonize: yes
+	
+	## Listening interfaces
+	interface: 127.0.0.1
+	interface: ::1
+	port: 53
+	
+	## ACLs
+	access-control: 127.0.0.0/8 allow
+	access-control: ::1/128 allow
+	
+	## Network protocols
+	do-ip4: yes
+	do-ip6: yes
+	do-udp: yes
+	do-tcp: yes
+	prefer-ip6: yes
+	edns-tcp-keepalive: yes
+	
+	## Root hints file
+	root-hints: "/etc/unbound/root.hints"
+
+	# Security & privacy
+	harden-algo-downgrade: yes 
+	harden-glue: yes
+	hide-identity: yes
+	hide-version: yes
+	qname-minimisation: yes
+	val-clean-additional: yes
+
+	# DNSSEC
+	harden-below-nxdomain: yes
+	harden-dnssec-stripped: yes
+	
+	auto-trust-anchor-file: "/etc/unbound/dnssec/root.key"
+
+	## Disabling capitalization randomization to avoid DNSSEC issues
+	use-caps-for-id: no
+
+	## RFC 8198: Aggressive Use of DNSSEC-Validated Cache
+	aggressive-nsec: yes
+
+	# Tweaks
+	num-threads: 2
+	so-reuseport: yes
+	
+	prefetch: yes
+	prefetch-key: yes
+	
+	unwanted-reply-threshold: 10000
+	
+	# Cache & memory
+	msg-cache-slabs: 2
+	rrset-cache-slabs: 2
+	infra-cache-slabs: 2
+	key-cache-slabs: 2
+
+	neg-cache-size: 4m
+	key-cache-size: 16m
+	msg-cache-size: 128m
+	rrset-cache-size: 256m
+
+	infra-cache-numhosts: 100000
+
+	## TTL
+	cache-min-ttl: 60
+	cache-max-ttl: 86400
+
+	# RFC 8914: Extended DNS Errors
+	ede: yes
+	ede-serve-expired: yes
+
+    # RFC 8767: Serving Stale Data
+    serve-expired: yes
+	serve-expired-ttl: 86400
+	serve-expired-ttl-reset: no
+	serve-expired-reply-ttl: 30
+	serve-expired-client-timeout: 1800
+
+	# Logging
+	use-syslog: no
+	logfile: "/var/log/unbound.log"
+	verbosity: 1
+	log-time-ascii: yes
+
+remote-control:
+	control-enable: no