1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -337,12 +337,9 @@
# print log lines that say why queries return SERVFAIL to clients.
# log-servfail: no
- # the pid file. Can be an absolute path outside of chroot/work dir.
- # pidfile: "@UNBOUND_PIDFILE@"
-
# file to read root hints from.
# get one from https://www.internic.net/domain/named.cache
- # root-hints: ""
+ root-hints: /usr/share/dns-root-hints/named.root
# enable to not answer id.server and hostname.bind queries.
# hide-identity: no
@@ -489,7 +486,7 @@
# you start unbound (i.e. in the system boot scripts). And enable:
# Please note usage of unbound-anchor root anchor is at your own risk
# and under the terms of our LICENSE (see that file in the source).
- # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+ # auto-trust-anchor-file: ""
# trust anchor signaling sends a RFC8145 key tag query after priming.
# trust-anchor-signaling: yes
@@ -506,7 +503,7 @@
# with several entries, one file per entry.
# Zone file format, with DS and DNSKEY entries.
# Note this gets out of date, use auto-trust-anchor-file please.
- # trust-anchor-file: ""
+ trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
# Trusted key for validation. DS or DNSKEY. specify the RR on a
# single line, surrounded by "". TTL is ignored. class is IN default.
@@ -841,12 +838,13 @@
remote-control:
# Enable remote control with unbound-control(8) here.
# set up the keys and certificates with unbound-control-setup.
- # control-enable: no
+ control-enable: yes
# what interfaces are listened to for remote control.
# give 0.0.0.0 and ::0 to listen to all interfaces.
# set to an absolute path to use a unix local name pipe, certificates
# are not used for that, so key and cert files need not be present.
+ control-interface: /run/unbound.control.sock
# control-interface: 127.0.0.1
# control-interface: ::1
|
