diff options
| author | Aaron LI <aly@aaronly.me> | 2018-02-24 17:49:06 +0800 |
|---|---|---|
| committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:28:44 +0800 |
| commit | 5fcd532b648824d947ec009d8d63508b9d3be7fa (patch) | |
| tree | c12f3cc6dcd16eaef2ead40b630bf95efcc98bc5 /roles/dns/files | |
| parent | 30724d5f9f13530d7d81a51e6b040970bab49c00 (diff) | |
| download | ansible-dfly-vps-5fcd532b648824d947ec009d8d63508b9d3be7fa.tar.bz2 | |
dns/unbound: update config and enable remote-control
Diffstat (limited to 'roles/dns/files')
| -rw-r--r-- | roles/dns/files/unbound.conf | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/roles/dns/files/unbound.conf b/roles/dns/files/unbound.conf index 18e3ae6..848945c 100644 --- a/roles/dns/files/unbound.conf +++ b/roles/dns/files/unbound.conf @@ -58,16 +58,11 @@ server: statistics-interval: 7200 # Enable or disable whether IPv4 queries are answered or issued. - # Default: yes do-ip4: yes # Enable or disable whether IPv6 queries are answered or issued. do-ip6: yes - # Whether prefer IPv6 transport for sending queries? - # Default: no - #prefer-ip6: no - # Enable or disable whether UDP queries are answered or issued. # Default: yes do-udp: yes @@ -126,14 +121,30 @@ server: # Default: 1 (operational info). verbosity: 1 - # The log file, "" means log to stderr. - # NOTE: set the below "use-syslog" to "no" when to use this option. - logfile: "/usr/local/etc/unbound/unbound.log" - - # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to - # NOTE: will override the above "logfile" option if enabled. - #use-syslog: no + # Log messages to syslog(3) with the LOG_DAEMON facility. use-syslog: yes + # + # Log messages to the specified file. + #use-syslog: no + #logfile: "/usr/local/etc/unbound/unbound.log" + +# Remote control config section. +# +remote-control: + # Enable remote control with unbound-control(8) here. + control-enable: yes + + # Interfaces listened to for remote control. + control-interface: 127.0.0.1 + control-interface: ::1 + + # Server and unbound-control key and certificate files. + # Set up the keys and certificates with unbound-control-setup. + control-use-cert: yes + server-key-file: "/usr/local/etc/unbound/unbound_server.key" + server-cert-file: "/usr/local/etc/unbound/unbound_server.pem" + control-key-file: "/usr/local/etc/unbound/unbound_control.key" + control-cert-file: "/usr/local/etc/unbound/unbound_control.pem" # WARNING: |