diff --git a/doc/example.conf.in b/doc/example.conf.in
-index 60ed5c8..abd85f9 100644
+index ff90e3b..5c20fdf 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -38,6 +38,8 @@ server:
+ interface: ::0
# enable this feature to copy the source address of queries to reply.
- # Socket options are not supported on all platforms. experimental.
+ # Socket options are not supported on all platforms. experimental.
@@ -57,6 +59,7 @@ server:
# port range that can be open simultaneously. About double the
# num-queries-per-thread, or, use as many as the OS will allow you.
# buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
# 0 is system default. Use 4m to catch query spikes for busy servers.
-@@ -99,18 +104,22 @@ server:
+@@ -103,18 +108,22 @@ server:
# buffer size for handling DNS data. No messages larger than this
# size can be sent or received, by UDP or TCP. In bytes.
# msg-buffer-size: 65552
+ msg-buffer-size: 8192
# the amount of memory to use for the message cache.
- # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
# msg-cache-size: 4m
+ msg-cache-size: 100k
# if very busy, 50% queries run to completion, 50% get timeout in msec
# jostle-timeout: 200
-@@ -121,11 +130,13 @@ server:
+@@ -125,11 +134,13 @@ server:
# the amount of memory to use for the RRset cache.
- # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
# rrset-cache-size: 4m
+ rrset-cache-size: 100k
# the time to live (TTL) value lower bound, in seconds. Default 0.
# If more than an hour could easily give trouble due to stale data.
-@@ -146,9 +157,11 @@ server:
+@@ -153,9 +164,11 @@ server:
# the number of slabs must be a power of 2.
# more slabs reduce lock contention, but fragment memory usage.
# infra-cache-slabs: 4
# Enable IPv4, "yes" or "no".
# do-ip4: yes
-@@ -181,6 +194,8 @@ server:
+@@ -188,6 +201,8 @@ server:
# access-control: ::0/0 refuse
# access-control: ::1 allow
# access-control: ::ffff:127.0.0.1 allow
# if given, a chroot(2) is done to the given directory.
# i.e. you can chroot to the working directory, for example,
-@@ -211,6 +226,7 @@ server:
+@@ -218,6 +233,7 @@ server:
# and the given username is assumed. Default is user "unbound".
# If you give "" no privileges are dropped.
# username: "@UNBOUND_USERNAME@"
+ username: ""
- # the working directory. The relative files in this config are
+ # the working directory. The relative files in this config are
# relative to this directory. If you give "" the working directory
-@@ -233,10 +249,12 @@ server:
+@@ -240,10 +256,12 @@ server:
# the pid file. Can be an absolute path outside of chroot/work dir.
# pidfile: "@UNBOUND_PIDFILE@"
+ pidfile: "/var/run/unbound.pid"
# file to read root hints from.
- # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
+ # get one from https://www.internic.net/domain/named.cache
# root-hints: ""
+ root-hints: "/etc/unbound/named.cache"
# enable to not answer id.server and hostname.bind queries.
# hide-identity: no
-@@ -259,12 +277,15 @@ server:
+@@ -266,12 +284,15 @@ server:
# positive value: fetch that many targets opportunistically.
# Enclose the list of numbers between quotes ("").
# target-fetch-policy: "3 2 1 0 0"
+ target-fetch-policy: "2 1 0 0 0 0"
- # Harden against very small EDNS buffer sizes.
+ # Harden against very small EDNS buffer sizes.
# harden-short-bufsize: no
+ harden-short-bufsize: yes
# harden-large-queries: no
+ harden-large-queries: yes
- # Harden against out of zone rrsets, to avoid spoofing attempts.
+ # Harden against out of zone rrsets, to avoid spoofing attempts.
# harden-glue: yes
-@@ -345,7 +366,7 @@ server:
+@@ -367,7 +388,7 @@ server:
# you start unbound (i.e. in the system boot scripts). And enable:
# Please note usage of unbound-anchor root anchor is at your own risk
# and under the terms of our LICENSE (see that file in the source).
# File with DLV trusted keys. Same format as trust-anchor-file.
# There can be only one DLV configured, it is trusted from root down.
-@@ -431,15 +452,18 @@ server:
+@@ -456,15 +477,18 @@ server:
# the amount of memory to use for the key cache.
- # plain value in bytes or you can append k, m or G. default is "4Mb".
+ # plain value in bytes or you can append k, m or G. default is "4Mb".
# key-cache-size: 4m
+ key-cache-size: 100k
+ key-cache-slabs: 1
# the amount of memory to use for the negative cache (used for DLV).
- # plain value in bytes or you can append k, m or G. default is "1Mb".
+ # plain value in bytes or you can append k, m or G. default is "1Mb".
# neg-cache-size: 1m
+ neg-cache-size: 10k
projects / feed / packages.git / commitdiff