diff options
Diffstat (limited to 'doc/example.conf.in')
| -rw-r--r-- | doc/example.conf.in | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/doc/example.conf.in b/doc/example.conf.in index 83e7c5c4c4e96..5b185e0e97e8b 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.6.1. +# See unbound.conf(5) man page, version 1.6.2. # # this is a comment. @@ -19,6 +19,14 @@ server: # Set to "" or 0 to disable. Default is disabled. # statistics-interval: 0 + # enable shm for stats, default no. if you enable also enable + # statistics-interval, every time it also writes stats to the + # shared memory segment keyed with shm-key. + # shm-enable: no + + # shm for stats uses this key, and key+1 for the shared mem segment. + # shm-key: 11777 + # enable cumulative statistics, without clearing them after printing. # statistics-cumulative: no @@ -308,6 +316,9 @@ server: # enable to not answer version.server and version.bind queries. # hide-version: no + + # enable to not answer trustanchor.unbound queries. + # hide-trustanchor: no # the identity to report. Leave "" or default to return hostname. # identity: "" @@ -771,7 +782,28 @@ remote-control: # name: "viewname" # local-zone: "example.com" redirect # local-data: "example.com A 192.0.2.3" +# local-data-ptr: "192.0.2.3 www.example.com" # view-first: no # view: # name: "anotherview" # local-zone: "example.com" refuse + +# DNSCrypt +# Caveats: +# 1. the keys/certs cannot be produced by unbound. You can use dnscrypt-wrapper +# for this: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage +# 2. dnscrypt channel attaches to an interface. you MUST set interfaces to +# listen on `dnscrypt-port` with the follo0wing snippet: +# server: +# interface: 0.0.0.0@443 +# interface: ::0@443 +# +# Finally, `dnscrypt` config has its own section. +# dnscrypt: +# dnscrypt-enable: yes +# dnscrypt-port: 443 +# dnscrypt-provider: 2.dnscrypt-cert.example.com. +# dnscrypt-secret-key: /path/unbound-conf/keys1/1.key +# dnscrypt-secret-key: /path/unbound-conf/keys2/1.key +# dnscrypt-provider-cert: /path/unbound-conf/keys1/1.cert +# dnscrypt-provider-cert: /path/unbound-conf/keys2/1.cert |