From fb9a3ce33872475f36c2f3f53fe4d19bb06c83e5 Mon Sep 17 00:00:00 2001
From: Vladimir Vitkov
Date: Thu, 24 Oct 2019 00:38:53 +0300
Subject: [PATCH] Add some static local hosts in unbound
---
misc/unbound/unbound.conf.d/local-hosts.conf | 30 +++++++++++++++++++
.../unbound.conf.d/qname-minimisation.conf | 9 ++++++
.../root-auto-trust-anchor-file.conf | 4 +++
3 files changed, 43 insertions(+)
create mode 100644 misc/unbound/unbound.conf.d/local-hosts.conf
create mode 100644 misc/unbound/unbound.conf.d/qname-minimisation.conf
create mode 100644 misc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
diff --git a/misc/unbound/unbound.conf.d/local-hosts.conf b/misc/unbound/unbound.conf.d/local-hosts.conf
new file mode 100644
index 0000000..b56629e
--- /dev/null
+++ b/misc/unbound/unbound.conf.d/local-hosts.conf
@@ -0,0 +1,30 @@
+server:
+ local-data: "vin 30 in a 10.20.0.1"
+ local-data-ptr: "10.20.0.1 30 vin"
+
+ local-data: "coresw 30 in a 10.20.0.11"
+ local-data-ptr: "10.20.0.11 30 coresw"
+
+ local-data: "f0sw 30 in a 10.20.0.27"
+ local-data-ptr: "10.20.0.27 30 f0sw"
+
+ local-data: "nocsw 30 in a 10.20.0.28"
+ local-data-ptr: "10.20.0.28 30 nocsw"
+
+ local-data: "receptionsw 30 in a 10.20.0.25"
+ local-data-ptr: "10.20.0.25 30 receptionsw"
+
+ local-data: "teamsw 30 in a 10.20.0.26"
+ local-data-ptr: "10.20.0.26 30 teamsw"
+
+ local-data: "vocsw-a 30 in a 10.20.0.21"
+ local-data-ptr: "10.20.0.21 30 vocsw-a"
+
+ local-data: "vocsw-b 30 in a 10.20.0.22"
+ local-data-ptr: "10.20.0.22 30 vocsw-b"
+
+ local-data: "vocsw-c 30 in a 10.20.0.23"
+ local-data-ptr: "10.20.0.23 30 vocsw-c"
+
+ local-data: "vocsw-d 30 in a 10.20.0.24"
+ local-data-ptr: "10.20.0.24 30 vocsw-d"
diff --git a/misc/unbound/unbound.conf.d/qname-minimisation.conf b/misc/unbound/unbound.conf.d/qname-minimisation.conf
new file mode 100644
index 0000000..94a2ab0
--- /dev/null
+++ b/misc/unbound/unbound.conf.d/qname-minimisation.conf
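Review bot: Every `local-data` record in local-hosts.conf is a bare single-label name (`vin`, `coresw`, …), so each host is defined at the top of the DNS namespace rather than under a zone this resolver owns; `vin` in particular appears to coincide with a delegated public TLD, whose apex would then be answered from here. No `local-zone` is declared, so Unbound falls back to an implicit transparent zone per name. I would put the hosts under one internal suffix and declare it explicitly, e.g. `local-zone: "<internal-zone>." static` with `local-data: "coresw.<internal-zone>. 30 IN A 10.20.0.11"` and a fully qualified target in the matching `local-data-ptr`. Typos and unknown names under that suffix are then answered locally instead of being sent upstream.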
@@ -0,0 +1,9 @@
+server:
+ # Send minimum amount of information to upstream servers to enhance
+ # privacy. Only sends minimum required labels of the QNAME and sets
+ # QTYPE to NS when possible.
+
+ # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
+ # details.
+
+ qname-minimisation: yes
diff --git a/misc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf b/misc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
new file mode 100644
index 0000000..433eff9
--- /dev/null
+++ b/misc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
@@ -0,0 +1,4 @@
+server:
+ # The following line will configure unbound to perform cryptographic
+ # DNSSEC validation using the root trust anchor.
+ auto-trust-anchor-file: "/var/lib/unbound/root.key"
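Review bot: The comment in qname-minimisation.conf reads as a guarantee, but `qname-minimisation: yes` on its own is best effort. With `qname-minimisation-strict` left at its default, the resolver falls back to sending the full QNAME when an upstream server mishandles the minimised query. I would add a line such as `# Best effort: without qname-minimisation-strict the full QNAME is sent on fallback.` so readers do not over-estimate the privacy property.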
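Review bot: `auto-trust-anchor-file` in root-auto-trust-anchor-file.conf points at `/var/lib/unbound/root.key`, but nothing in this commit provisions that file or says who does. Unbound rewrites the file while tracking RFC 5011 key rollovers, so the daemon user needs write access to both the file and its directory. The comment could state this, e.g. `# root.key must be bootstrapped (e.g. with unbound-anchor) and be writable, with its directory, by the unbound user.` Answers served from the `local-data` entries in local-hosts.conf are returned as configured and are presumably not covered by this validation, which is worth mentioning there.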