diff options
Diffstat (limited to 'contrib/unbound/doc/example.conf.in')
-rw-r--r-- | contrib/unbound/doc/example.conf.in | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in index 2260ba2544ab..072bd8d21138 100644 --- a/contrib/unbound/doc/example.conf.in +++ b/contrib/unbound/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.7.1. +# See unbound.conf(5) man page, version 1.7.2. # # this is a comment. @@ -223,7 +223,8 @@ server: # to this server. Specify classless netblocks with /size and action. # By default everything is refused, except for localhost. # Choose deny (drop message), refuse (polite error reply), - # allow (recursive ok), allow_snoop (recursive and nonrecursive ok) + # allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on), + # allow_snoop (recursive and nonrecursive ok) # deny_non_local (drop queries unless can be answered from local-data) # refuse_non_local (like deny_non_local but polite error reply). # access-control: 0.0.0.0/0 refuse @@ -372,7 +373,7 @@ server: # Sent minimum amount of information to upstream servers to enhance # privacy. Only sent minimum required labels of the QNAME and set QTYPE # to A when possible. - # qname-minimisation: no + # qname-minimisation: yes # QNAME minimisation in strict mode. Do not fall-back to sending full # QNAME to potentially broken nameservers. A lot of domains will not be @@ -681,8 +682,11 @@ server: # Certificates used to authenticate connections made upstream. # tls-cert-bundle: "" + # Add system certs to the cert bundle, from the Windows Cert Store + # tls-win-cert: no + # Also serve tls on these port numbers (eg. 443, ...), by listing - # additional-tls-port: portno for each of the port numbers. + # tls-additional-ports: portno for each of the port numbers. # DNS64 prefix. Must be specified when DNS64 is use. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. @@ -725,7 +729,7 @@ server: # low-rtt: 45 # select low rtt this many times out of 1000. 0 means the fast server # select is disabled. prefetches are not sped up. - # low-rtt-pct: 0 + # low-rtt-permil: 0 # Specific options for ipsecmod. unbound needs to be configured with # --enable-ipsecmod for these to take effect. |