You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

81 lines
2.7 KiB

  1. diff --git a/doc/example.conf.in b/doc/example.conf.in
  2. index be83bda..7317b23 100644
  3. --- a/doc/example.conf.in
  4. +++ b/doc/example.conf.in
  5. @@ -15,6 +15,76 @@ server:
  6. # verbosity number, 0 is least verbose. 1 is default.
  7. verbosity: 1
  8. + ############################################################################
  9. + # MEMORY CONTROL EXAMPLE
  10. + # In the example config settings below memory usage is reduced. Some ser-
  11. + # vice levels are lower, notable very large data and a high TCP load are
  12. + # no longer supported ... are exceptional for the DNS.
  13. + # (http://unbound.net/documentation/unbound.conf.html)
  14. + ############################################################################
  15. +
  16. + # Self jail Unbound with user "unbound" to /var/lib/unbound
  17. + # The script /etc/init.d/unbound will setup the location
  18. + username: "unbound"
  19. + directory: "/var/lib/unbound"
  20. + chroot: "/var/lib/unbound"
  21. +
  22. + # The pid file is created before privleges drop so no concern
  23. + pidfile: "/var/run/unbound.pid"
  24. +
  25. + # no threads and no memory slabs for threads
  26. + num-threads: 1
  27. + msg-cache-slabs: 1
  28. + rrset-cache-slabs: 1
  29. + infra-cache-slabs: 1
  30. + key-cache-slabs: 1
  31. +
  32. + # don't be picky about interfaces but consider your firewall
  33. + interface: 0.0.0.0
  34. + interface: ::0
  35. + access-control: 0.0.0.0/0 allow
  36. + access-control: ::0/0 allow
  37. +
  38. + # this limits TCP service but uses less buffers
  39. + outgoing-num-tcp: 1
  40. + incoming-num-tcp: 1
  41. +
  42. + # use somewhat higher port numbers versus possible NAT issue
  43. + outgoing-port-permit: "10240-65335"
  44. +
  45. + # uses less memory but less performance
  46. + outgoing-range: 60
  47. + num-queries-per-thread: 30
  48. +
  49. + # exclude large responses
  50. + msg-buffer-size: 8192
  51. +
  52. + # tiny memory cache
  53. + infra-cache-numhosts: 200
  54. + msg-cache-size: 100k
  55. + rrset-cache-size: 100k
  56. + key-cache-size: 100k
  57. + neg-cache-size: 10k
  58. +
  59. + # gentle on recursion
  60. + target-fetch-policy: "2 1 0 0 0 0"
  61. + harden-large-queries: yes
  62. + harden-short-bufsize: yes
  63. +
  64. + # DNSSEC enable by removing comments on "module-config:" and "auto-trust-
  65. + # -anchor-file:" The init script will copy root key to /var/lib/unbound.
  66. + # See package documentation for crontab entry to copy RFC5011 results back.
  67. + #module-config: "validator iterator"
  68. + #auto-trust-anchor-file: "/var/lib/unbound/root.key"
  69. +
  70. + # DNSSEC needs real time to validate signatures. If your device does not
  71. + # have power off clock (reboot), then you may need this work around.
  72. + #domain-insecure: "pool.ntp.org"
  73. +
  74. + ############################################################################
  75. + # Resume Stock example.conf.in
  76. + ############################################################################
  77. +
  78. # print statistics to the log (for every thread) every N seconds.
  79. # Set to "" or 0 to disable. Default is disabled.
  80. # statistics-interval: 0