Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ad5de49d26 | |||
| f8b323cbb2 |
@@ -1,6 +1,6 @@
|
||||
-- /etc/dnsdist/dnsdist.conf: dndist conf. file for cantal
|
||||
--
|
||||
-- Last edition : 2025-07-06
|
||||
-- Last edition : 2025-07-07
|
||||
-- Last editor : @Campanu
|
||||
--
|
||||
|
||||
@@ -58,7 +58,8 @@ addDOHLocal(
|
||||
minTLSVersion = "tls1.2",
|
||||
ciphers = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384",
|
||||
ciphersTLS13 = "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384",
|
||||
customResponseHeaders={["link"]="<https://cantal.luc-geo.fr/#dns> rel=\"service-meta\";type=\"text/html\""}
|
||||
customResponseHeaders={["link"]="<https://cantal.luc-geo.fr/#dns> rel=\"service-meta\";type=\"text/html\""},
|
||||
tcpFastOpenQueueSize = 256
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# /etc/unbound/unbound.conf : unbound conf. file for cantal
|
||||
#
|
||||
# Last edition : 2025-07-06
|
||||
# Last edition : 2025-07-17
|
||||
# Last editor : @Campanu
|
||||
#
|
||||
|
||||
@@ -31,7 +31,7 @@ server:
|
||||
|
||||
## Root hints file
|
||||
root-hints: "/etc/unbound/root.hints"
|
||||
|
||||
|
||||
# Security & privacy
|
||||
harden-algo-downgrade: yes
|
||||
harden-glue: yes
|
||||
@@ -39,23 +39,26 @@ server:
|
||||
hide-version: yes
|
||||
qname-minimisation: yes
|
||||
val-clean-additional: yes
|
||||
|
||||
|
||||
# DNSSEC
|
||||
harden-below-nxdomain: yes
|
||||
harden-dnssec-stripped: yes
|
||||
|
||||
auto-trust-anchor-file: "/etc/unbound/dnssec/root.key"
|
||||
|
||||
|
||||
## Disabling capitalization randomization to avoid DNSSEC issues
|
||||
use-caps-for-id: no
|
||||
|
||||
|
||||
## RFC 8198: Aggressive Use of DNSSEC-Validated Cache
|
||||
aggressive-nsec: yes
|
||||
|
||||
|
||||
# Tweaks
|
||||
num-threads: 2
|
||||
so-reuseport: yes
|
||||
|
||||
so-rcvbuf: 4m
|
||||
so-sndbuf: 4m
|
||||
|
||||
prefetch: yes
|
||||
prefetch-key: yes
|
||||
|
||||
@@ -66,34 +69,38 @@ server:
|
||||
rrset-cache-slabs: 2
|
||||
infra-cache-slabs: 2
|
||||
key-cache-slabs: 2
|
||||
|
||||
|
||||
neg-cache-size: 4m
|
||||
key-cache-size: 16m
|
||||
msg-cache-size: 128m
|
||||
rrset-cache-size: 256m
|
||||
|
||||
msg-cache-size: 64m
|
||||
rrset-cache-size: 128m
|
||||
|
||||
infra-cache-numhosts: 100000
|
||||
|
||||
|
||||
## TTL
|
||||
cache-min-ttl: 60
|
||||
cache-max-ttl: 86400
|
||||
|
||||
|
||||
# RFC 8914: Extended DNS Errors
|
||||
ede: yes
|
||||
ede-serve-expired: yes
|
||||
|
||||
# RFC 8767: Serving Stale Data
|
||||
serve-expired: yes
|
||||
|
||||
# RFC 8767: Serving Stale Data
|
||||
serve-expired: yes
|
||||
serve-expired-ttl: 86400
|
||||
serve-expired-ttl-reset: no
|
||||
serve-expired-reply-ttl: 30
|
||||
serve-expired-client-timeout: 1800
|
||||
|
||||
|
||||
# Logging
|
||||
use-syslog: no
|
||||
logfile: "/var/log/unbound.log"
|
||||
verbosity: 1
|
||||
log-time-ascii: yes
|
||||
|
||||
log-queries: no
|
||||
log-replies: no
|
||||
log-servfail: no
|
||||
log-local-actions: no
|
||||
|
||||
remote-control:
|
||||
control-enable: no
|
||||
|
||||
Reference in New Issue
Block a user