summaryrefslogtreecommitdiff
path: root/doc/example.conf.in
diff options
context:
space:
mode:
Diffstat (limited to 'doc/example.conf.in')
-rw-r--r--doc/example.conf.in14
1 files changed, 9 insertions, 5 deletions
diff --git a/doc/example.conf.in b/doc/example.conf.in
index 2260ba2544ab..072bd8d21138 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -1,7 +1,7 @@
#
# Example configuration file.
#
-# See unbound.conf(5) man page, version 1.7.1.
+# See unbound.conf(5) man page, version 1.7.2.
#
# this is a comment.
@@ -223,7 +223,8 @@ server:
# to this server. Specify classless netblocks with /size and action.
# By default everything is refused, except for localhost.
# Choose deny (drop message), refuse (polite error reply),
- # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
+ # allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
+ # allow_snoop (recursive and nonrecursive ok)
# deny_non_local (drop queries unless can be answered from local-data)
# refuse_non_local (like deny_non_local but polite error reply).
# access-control: 0.0.0.0/0 refuse
@@ -372,7 +373,7 @@ server:
# Sent minimum amount of information to upstream servers to enhance
# privacy. Only sent minimum required labels of the QNAME and set QTYPE
# to A when possible.
- # qname-minimisation: no
+ # qname-minimisation: yes
# QNAME minimisation in strict mode. Do not fall-back to sending full
# QNAME to potentially broken nameservers. A lot of domains will not be
@@ -681,8 +682,11 @@ server:
# Certificates used to authenticate connections made upstream.
# tls-cert-bundle: ""
+ # Add system certs to the cert bundle, from the Windows Cert Store
+ # tls-win-cert: no
+
# Also serve tls on these port numbers (eg. 443, ...), by listing
- # additional-tls-port: portno for each of the port numbers.
+ # tls-additional-ports: portno for each of the port numbers.
# DNS64 prefix. Must be specified when DNS64 is use.
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
@@ -725,7 +729,7 @@ server:
# low-rtt: 45
# select low rtt this many times out of 1000. 0 means the fast server
# select is disabled. prefetches are not sped up.
- # low-rtt-pct: 0
+ # low-rtt-permil: 0
# Specific options for ipsecmod. unbound needs to be configured with
# --enable-ipsecmod for these to take effect.
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 08:26:01 +0000