From d262b3d839a559ce10e1f166220cf7bb75da5370 Mon Sep 17 00:00:00 2001
From: Petko Bordjukov
Date: Mon, 2 Nov 2015 05:57:09 +0200
Subject: [PATCH] Initial unbound configuration

Add access control, listen to the wildcard interfaces and add Debian's config files.
---
 dns-unbound/unbound.conf | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/dns-unbound/unbound.conf b/dns-unbound/unbound.conf
index 53d98ce..f084a94 100644
--- a/dns-unbound/unbound.conf
+++ b/dns-unbound/unbound.conf
@@ -1,10 +1,3 @@
-#
-# Example configuration file.
-#
-# See unbound.conf(5) man page, version 1.4.22.
-#
-# this is a comment.
-
 #Use this to include other text into the file.
 #include: "otherfile.conf"
 
@@ -38,6 +31,8 @@ server:
 # interface: 192.0.2.154
 # interface: 192.0.2.154@5003
 # interface: 2001:DB8::5
+ interface: 0.0.0.0
+ interface: ::0
 
 # enable this feature to copy the source address of queries to reply.
 # Socket options are not supported on all platforms. experimental.
@@ -173,11 +168,16 @@ server:
 # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
 # deny_non_local (drop queries unless can be answered from local-data)
 # refuse_non_local (like deny_non_local but polite error reply).
- # access-control: 0.0.0.0/0 refuse
- # access-control: 127.0.0.0/8 allow
- # access-control: ::0/0 refuse
- # access-control: ::1 allow
- # access-control: ::ffff:127.0.0.1 allow
+ access-control: 0.0.0.0/0 refuse
+ access-control: 127.0.0.0/8 allow
+ access-control: 10.0.0.0/8 allow
+ access-control: ::0/0 refuse
+ access-control: ::1 allow
+ access-control: ::ffff:127.0.0.1 allow
+ access-control: 2a01:b760:abc:2::/64 allow
+ access-control: 2a01:b760:abc:3::/64 allow
+ access-control: 2a01:b760:abc:4::/64 allow
+ access-control: 2a01:b760:abc:5::/64 allow
 
 # if given, a chroot(2) is done to the given directory.
 # i.e. you can chroot to the working directory, for example,
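Review bot: The two added `interface:` lines bind the resolver to every IPv4 and IPv6 address on the host, so which networks can reach port 53 is decided only by the access-control list and whatever firewall sits in front of the machine. On a multi-homed host a wildcard UDP socket can also answer from a different source address than the one that was queried; the context lines just below describe the option meant for that, so I would either set `interface-automatic: yes` or list the specific service addresses instead of the wildcards. A comment such as `# wildcard bind: reachability is limited by access-control below and the host firewall` would record the intent. The server: clause begins and ends outside this hunk.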
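Review bot: The catch-all entries in the access-control hunk use `refuse`, which still sends an error reply to every out-of-range source; with the listener on the wildcard addresses (second hunk), the host answers queries with spoofed source addresses from anywhere it is reachable. If this service can be reached from untrusted networks, `access-control: 0.0.0.0/0 deny` and `access-control: ::0/0 deny` drop those queries without a reply. `10.0.0.0/8 allow` also grants recursion to the whole private /8; narrowing it to the subnets that actually hold clients, and adding a comment naming what each `2a01:b760:abc:N::/64` prefix is, would make the list auditable.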
@@ -589,3 +589,5 @@ remote-control:
 # forward-zone:
 # name: "example.org"
 # forward-host: fwd.example.com
+
+include: "/etc/unbound/unbound.conf.d/*.conf"
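Review bot: The added `include:` line loads every `*.conf` file in the drop-in directory with the same authority as this file, so a drop-in that opens a `server:` clause can add further `access-control: ... allow` lines or change the listening interfaces set earlier. That makes ownership and permissions of `/etc/unbound/unbound.conf.d/` part of the resolver's access policy; the directory should be writable by root only and its contents reviewed together with this file. Because the include sits after the `remote-control:` section, a drop-in that does not start with its own clause header would presumably have its options read under whatever clause is still open at the end of the file. I would add a comment above the line, for example `# drop-ins are parsed last and may extend server: settings (incl. access-control); keep this directory root-owned`.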