1 Index: doc/example.conf.in
2 ===================================================================
3 --- a/doc/example.conf.in
4 +++ b/doc/example.conf.in
5 @@ -15,6 +15,76 @@ server:
6 # verbosity number, 0 is least verbose. 1 is default.
9 + ############################################################################
10 + # MEMORY CONTROL EXAMPLE
11 + # In the example config settings below memory usage is reduced. Some ser-
12 + # vice levels are lower, notable very large data and a high TCP load are
13 + # no longer supported ... are exceptional for the DNS.
14 + # (http://unbound.net/documentation/unbound.conf.html)
15 + ############################################################################
17 + # Self jail Unbound with user "unbound" to /var/lib/unbound
18 + # The script /etc/init.d/unbound will setup the location
20 + directory: "/var/lib/unbound"
21 + chroot: "/var/lib/unbound"
23 + # The pid file is created before privleges drop so no concern
24 + pidfile: "/var/run/unbound.pid"
26 + # no threads and no memory slabs for threads
29 + rrset-cache-slabs: 1
30 + infra-cache-slabs: 1
33 + # don't be picky about interfaces but consider your firewall
36 + access-control: 0.0.0.0/0 allow
37 + access-control: ::0/0 allow
39 + # this limits TCP service but uses less buffers
43 + # use somewhat higher port numbers versus possible NAT issue
44 + outgoing-port-permit: "10240-65335"
46 + # uses less memory but less performance
48 + num-queries-per-thread: 30
50 + # exclude large responses
51 + msg-buffer-size: 8192
54 + infra-cache-numhosts: 200
55 + msg-cache-size: 100k
56 + rrset-cache-size: 100k
57 + key-cache-size: 100k
60 + # gentle on recursion
61 + target-fetch-policy: "2 1 0 0 0 0"
62 + harden-large-queries: yes
63 + harden-short-bufsize: yes
65 + # DNSSEC enable by removing comments on "module-config:" and "auto-trust-
66 + # -anchor-file:" The init script will copy root key to /var/lib/unbound.
67 + # See package documentation for crontab entry to copy RFC5011 results back.
68 + #module-config: "validator iterator"
69 + #auto-trust-anchor-file: "/var/lib/unbound/root.key"
71 + # DNSSEC needs real time to validate signatures. If your device does not
72 + # have power off clock (reboot), then you may need this work around.
73 + #domain-insecure: "pool.ntp.org"
75 + ############################################################################
76 + # Resume Stock example.conf.in
77 + ############################################################################
79 # print statistics to the log (for every thread) every N seconds.
80 # Set to "" or 0 to disable. Default is disabled.
81 # statistics-interval: 0