server: # This matches Unbound's default and the 2020 DNS Flag Day recommendation: # https://www.dnsflagday.net/2020/. Included here to be explicit. edns-buffer-size: 1232 directory: "." pidfile: "" logfile: "" chroot: "" username: "" log-replies: yes log-queries: yes log-tag-queryreply: yes log-servfail: yes val-log-level: 2 num-threads: 1 so-reuseport: yes verbosity: 5 use-syslog: no log-time-ascii: yes do-ip4: yes do-ip6: yes do-udp: yes do-tcp: yes tcp-upstream: no port: 1053 private-address: 192.168.0.0/16 # RFC 1918 private-address: 172.16.0.0/12 # RFC 1918 private-address: 10.0.0.0/8 # RFC 1918 private-address: 127.0.0.0/8 # RFC 5735 private-address: 0.0.0.0/8 # RFC 1122 Section 3.2.1.3 private-address: 169.254.0.0/16 # RFC 3927 private-address: 192.0.0.0/24 # RFC 5736 private-address: 192.0.2.0/24 # RFC 5735 private-address: 198.51.100.0/24 # RFC 5735 private-address: 203.0.113.0/24 # RFC 5735 private-address: 192.88.99.0/24 # RFC 3068 private-address: 198.18.0.0/15 # RFC 2544 private-address: 224.0.0.0/4 # RFC 3171 private-address: 240.0.0.0/4 # RFC 1112 private-address: 255.255.255.255/32 # RFC 919 Section 7 private-address: 100.64.0.0/10 # RFC 6598 private-address: ::/128 # RFC 4291: Unspecified Address private-address: ::1/128 # RFC 4291: Loopback Address private-address: ::ffff:0:0/96 # RFC 4291: IPv4-mapped Address private-address: 100::/64 # RFC 6666: Discard Address Block private-address: 2001::/23 # RFC 2928: IETF Protocol Assignments private-address: 2001:2::/48 # RFC 5180: Benchmarking private-address: 2001:db8::/32 # RFC 3849: Documentation private-address: 2001::/32 # RFC 4380: TEREDO private-address: fc00::/7 # RFC 4193: Unique-Local private-address: fe80::/10 # RFC 4291: Section 2.5.6 Link-Scoped Unicast private-address: ff00::/8 # RFC 4291: Section 2.7 do-not-query-address: 192.168.0.0/16 # RFC 1918 do-not-query-address: 172.16.0.0/12 # RFC 1918 do-not-query-address: 10.0.0.0/8 # RFC 1918 do-not-query-address: 169.254.0.0/16 do-not-query-address: 127.0.0.0/8 # RFC 5735 do-not-query-address: 0.0.0.0/8 # RFC 1122 Section 3.2.1.3 do-not-query-address: 169.254.0.0/16 # RFC 3927 do-not-query-address: 192.0.0.0/24 # RFC 5736 do-not-query-address: 192.0.2.0/24 do-not-query-address: 198.51.100.0/24 do-not-query-address: 203.0.113.0/24 do-not-query-address: 192.88.99.0/24 # RFC 3068 do-not-query-address: 192.18.0.0/15 # RFC 2544 do-not-query-address: 224.0.0.0/4 # RFC 3171 do-not-query-address: 240.0.0.0/4 # RFC 1112 do-not-query-address: 255.255.255.255/32 # RFC 919 Section 7 do-not-query-address: 100.64.0.0/10 # RFC 6598 do-not-query-address: ::/128 # RFC 4291: Unspecified Address do-not-query-address: ::1/128 # RFC 4291: Loopback Address do-not-query-address: ::ffff:0:0/96 # RFC 4291: IPv4-mapped Address do-not-query-address: 100::/64 # RFC 6666: Discard Address Block do-not-query-address: 2001::/23 # RFC 2928: IETF Protocol Assignments do-not-query-address: 2001:2::/48 # RFC 5180: Benchmarking do-not-query-address: 2001:db8::/32 # RFC 3849: Documentation do-not-query-address: 2001::/32 # RFC 4380: TEREDO do-not-query-address: fc00::/7 # RFC 4193: Unique-Local do-not-query-address: fe80::/10 # RFC 4291: Section 2.5.6 Link-Scoped Unicast do-not-query-address: ff00::/8 # RFC 4291: Section 2.7 hide-identity: yes hide-version: yes harden-glue: yes harden-dnssec-stripped: yes harden-below-nxdomain: no use-caps-for-id: yes cache-min-ttl: 0 cache-max-ttl: 0 cache-max-negative-ttl: 0 neg-cache-size: 0 prefetch: no unwanted-reply-threshold: 10000 do-not-query-localhost: yes val-clean-additional: yes val-sig-skew-max: 0 val-sig-skew-min: 0 ede: yes ipsecmod-enabled: no qname-minimisation: no qname-minimisation-strict: no