aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/unbound/unbound.inc100
1 files changed, 56 insertions, 44 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 40e623b5..120bc01b 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -258,49 +258,61 @@ function unbound_resync_config() {
$domain_overrides = unbound_add_domain_overrides();
$unbound_conf = <<<EOD
-# Unbound configuration
+#########################
+# Unbound configuration #
+#########################
+###
+# Server config
+###
server:
- verbosity: 1
- port: 53
- do-ip4: yes
- do-ip6: no
- do-udp: yes
- do-tcp: yes
- do-daemonize: yes
- statistics-interval: 300
- extended-statistics: yes
- statistics-cumulative: no
- {$unbound_bind_interfaces}
- chroot: ""
- username: "unbound"
- directory: "/usr/local/etc/unbound"
- pidfile: "/var/run/unbound.pid"
- root-hints: "root.hints"
- harden-dnssec-stripped: {$unbound_config['harden-dnssec-stripped']}
- harden-referral-path: no
- private-address: 10.0.0.0/8
- private-address: 172.16.0.0/12
- private-address: 192.168.0.0/16
- prefetch: yes
- prefetch-key: yes
- use-syslog: {$unbound_config['use-syslog']}
- module-config: "{$module_config}"
- unwanted-reply-threshold: 10000000
- {$anchor_file}
- access-control: 127.0.0.0/8 allow
- {$unbound_allowed_networks}
- {$host_entries}
- {$domain_overrides}
-
+verbosity: 1
+port: 53
+do-ip4: yes
+do-ip6: no
+do-udp: yes
+do-tcp: yes
+do-daemonize: yes
+statistics-interval: 300
+extended-statistics: yes
+statistics-cumulative: no
+# Interface IP(s) to bind to
+{$unbound_bind_interfaces}
+chroot: ""
+username: "unbound"
+directory: "/usr/local/etc/unbound"
+pidfile: "/var/run/unbound.pid"
+root-hints: "root.hints"
+harden-dnssec-stripped: {$unbound_config['harden-dnssec-stripped']}
+harden-referral-path: no
+private-address: 10.0.0.0/8
+private-address: 172.16.0.0/12
+private-address: 192.168.0.0/16
+prefetch: yes
+prefetch-key: yes
+use-syslog: {$unbound_config['use-syslog']}
+module-config: "{$module_config}"
+unwanted-reply-threshold: 10000000
+{$anchor_file}
+# Networks allowed to utilize service
+access-control: 127.0.0.0/8 allow
+{$unbound_allowed_networks}
+# Host entries
+{$host_entries}
+# Domain overrides
+{$domain_overrides}
+
+###
+# Remote Control Config
+###
remote-control:
- control-enable: yes
- control-interface: 127.0.0.1
- control-port: 953
- server-key-file: "/usr/local/etc/unbound/unbound_server.key"
- server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
- control-key-file: "/usr/local/etc/unbound/unbound_control.key"
- control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"
+control-enable: yes
+control-interface: 127.0.0.1
+control-port: 953
+server-key-file: "/usr/local/etc/unbound/unbound_server.key"
+server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
+control-key-file: "/usr/local/etc/unbound/unbound_control.key"
+control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"
EOD;
@@ -388,9 +400,9 @@ function unbound_add_host_entries() {
foreach ($hosts as $host) {
$current_host = $host['host'];
if(!$added_item[$current_host]) {
- $host_entries .= "\tlocal-data: '{$host['host']}.{$host['domain']}. IN A {$host['ip']}'\n";
+ $host_entries .= "local-data: '{$host['host']}.{$host['domain']}. IN A {$host['ip']}'\n";
if (!empty($host['descr']))
- $host_entries .= "\tlocal-data: '{$host['host']}.{$host['domain']}. TXT \"{$host['descr']}\"'\n";
+ $host_entries .= "local-data: '{$host['host']}.{$host['domain']}. TXT \"{$host['descr']}\"'\n";
// Do not add duplicate entries
$added_item[$current_host] = true;
}
@@ -412,9 +424,9 @@ function unbound_add_domain_overrides() {
$current_domain = $domain['domain'];
if(!$added_item[$current_domain]) {
$domain_entries .= "local-zone: '{$domain['domain']}.' redirect\n";
- $domain_entries .= "\tlocal-data: '{$domain['domain']}. A {$domain['ip']}'\n";
+ $domain_entries .= "local-data: '{$domain['domain']}. A {$domain['ip']}'\n";
if (!empty($domain['descr']))
- $domain_entries .= "\tlocal-data: '{$domain['domain']}. TXT \"{$domain['descr']}\"'\n";
+ $domain_entries .= "local-data: '{$domain['domain']}. TXT \"{$domain['descr']}\"'\n";
// Do not add duplicate entries
$added_item[$current_domain] = true;
}