mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
184 lines
6.6 KiB
Text
184 lines
6.6 KiB
Text
server:
|
|
verbosity: 7
|
|
use-syslog: no
|
|
directory: ""
|
|
pidfile: "unbound.pid"
|
|
chroot: ""
|
|
username: ""
|
|
module-config: "respip validator iterator" # respip for the RPZ part
|
|
do-not-query-localhost: no
|
|
use-caps-for-id: no
|
|
define-tag: "one two refuse rpz-one rpz-two rpz-nx"
|
|
|
|
# Interface configuration for IPv4
|
|
interface: @IPV4_ADDR@@@PORT_ALLOW@
|
|
interface: @IPV4_ADDR@@@PORT_DENY@
|
|
interface: @IPV4_ADDR@@@PORT_REFUSE@
|
|
interface: @IPV4_ADDR@@@PORT_TAG_1@
|
|
interface: @IPV4_ADDR@@@PORT_TAG_2@
|
|
interface: @IPV4_ADDR@@@PORT_TAG_3@
|
|
interface: @IPV4_ADDR@@@PORT_RPZ_1@
|
|
interface: @IPV4_ADDR@@@PORT_RPZ_2@
|
|
interface: @IPV4_ADDR@@@PORT_RPZ_NX@
|
|
interface: @IPV4_ADDR@@@PORT_VIEW_INT@
|
|
interface: @IPV4_ADDR@@@PORT_VIEW_EXT@
|
|
interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@
|
|
|
|
interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_DENY@ deny
|
|
# interface-action: @IPV4_ADDR@@@PORT_REFUSE@ refuse # This is the default action
|
|
interface-action: @IPV4_ADDR@@@PORT_TAG_1@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_TAG_2@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_TAG_3@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_RPZ_1@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_RPZ_2@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_RPZ_NX@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow
|
|
interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow
|
|
|
|
interface-tag: @IPV4_ADDR@@@PORT_TAG_1@ "one"
|
|
interface-tag: @IPV4_ADDR@@@PORT_TAG_2@ "two"
|
|
interface-tag: @IPV4_ADDR@@@PORT_TAG_3@ "refuse"
|
|
interface-tag: @IPV4_ADDR@@@PORT_RPZ_1@ "rpz-one"
|
|
interface-tag: @IPV4_ADDR@@@PORT_RPZ_2@ "rpz-two"
|
|
interface-tag: @IPV4_ADDR@@@PORT_RPZ_NX@ "rpz-nx"
|
|
interface-tag-action: @IPV4_ADDR@@@PORT_TAG_1@ one redirect
|
|
interface-tag-data: @IPV4_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1"
|
|
interface-tag-action: @IPV4_ADDR@@@PORT_TAG_2@ two redirect
|
|
interface-tag-data: @IPV4_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2"
|
|
interface-tag-action: @IPV4_ADDR@@@PORT_TAG_3@ refuse always_refuse
|
|
|
|
interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int"
|
|
interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext"
|
|
interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext"
|
|
|
|
# Mirrored interface configuration for IPv6
|
|
interface: @IPV6_ADDR@@@PORT_ALLOW@
|
|
interface: @IPV6_ADDR@@@PORT_DENY@
|
|
interface: @IPV6_ADDR@@@PORT_REFUSE@
|
|
interface: @IPV6_ADDR@@@PORT_TAG_1@
|
|
interface: @IPV6_ADDR@@@PORT_TAG_2@
|
|
interface: @IPV6_ADDR@@@PORT_TAG_3@
|
|
interface: @IPV6_ADDR@@@PORT_RPZ_1@
|
|
interface: @IPV6_ADDR@@@PORT_RPZ_2@
|
|
interface: @IPV6_ADDR@@@PORT_RPZ_NX@
|
|
interface: @IPV6_ADDR@@@PORT_VIEW_INT@
|
|
interface: @IPV6_ADDR@@@PORT_VIEW_EXT@
|
|
interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@
|
|
|
|
interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_DENY@ deny
|
|
# interface-action: @IPV6_ADDR@@@PORT_REFUSE@ refuse # This is the default action
|
|
interface-action: @IPV6_ADDR@@@PORT_TAG_1@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_TAG_2@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_TAG_3@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_RPZ_1@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_RPZ_2@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_RPZ_NX@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow
|
|
interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow
|
|
|
|
interface-tag: @IPV6_ADDR@@@PORT_TAG_1@ "one"
|
|
interface-tag: @IPV6_ADDR@@@PORT_TAG_2@ "two"
|
|
interface-tag: @IPV6_ADDR@@@PORT_TAG_3@ "refuse"
|
|
interface-tag: @IPV6_ADDR@@@PORT_RPZ_1@ "rpz-one"
|
|
interface-tag: @IPV6_ADDR@@@PORT_RPZ_2@ "rpz-two"
|
|
interface-tag: @IPV6_ADDR@@@PORT_RPZ_NX@ "rpz-nx"
|
|
interface-tag-action: @IPV6_ADDR@@@PORT_TAG_1@ one redirect
|
|
interface-tag-data: @IPV6_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1"
|
|
interface-tag-action: @IPV6_ADDR@@@PORT_TAG_2@ two redirect
|
|
interface-tag-data: @IPV6_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2"
|
|
interface-tag-action: @IPV6_ADDR@@@PORT_TAG_3@ refuse always_refuse
|
|
|
|
interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int"
|
|
interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext"
|
|
interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext"
|
|
|
|
# Mirrored interface configuration for interface name
|
|
interface: @INTERFACE@@@PORT_ALLOW@
|
|
interface: @INTERFACE@@@PORT_DENY@
|
|
interface: @INTERFACE@@@PORT_REFUSE@
|
|
interface: @INTERFACE@@@PORT_TAG_1@
|
|
interface: @INTERFACE@@@PORT_TAG_2@
|
|
interface: @INTERFACE@@@PORT_TAG_3@
|
|
interface: @INTERFACE@@@PORT_RPZ_1@
|
|
interface: @INTERFACE@@@PORT_RPZ_2@
|
|
interface: @INTERFACE@@@PORT_RPZ_NX@
|
|
interface: @INTERFACE@@@PORT_VIEW_INT@
|
|
interface: @INTERFACE@@@PORT_VIEW_EXT@
|
|
interface: @INTERFACE@@@PORT_VIEW_INTEXT@
|
|
|
|
interface-action: @INTERFACE@@@PORT_ALLOW@ allow
|
|
interface-action: @INTERFACE@@@PORT_DENY@ deny
|
|
# interface-action: @INTERFACE@@@PORT_REFUSE@ refuse # This is the default action
|
|
interface-action: @INTERFACE@@@PORT_TAG_1@ allow
|
|
interface-action: @INTERFACE@@@PORT_TAG_2@ allow
|
|
interface-action: @INTERFACE@@@PORT_TAG_3@ allow
|
|
interface-action: @INTERFACE@@@PORT_RPZ_1@ allow
|
|
interface-action: @INTERFACE@@@PORT_RPZ_2@ allow
|
|
interface-action: @INTERFACE@@@PORT_RPZ_NX@ allow
|
|
interface-action: @INTERFACE@@@PORT_VIEW_INT@ allow
|
|
interface-action: @INTERFACE@@@PORT_VIEW_EXT@ allow
|
|
interface-action: @INTERFACE@@@PORT_VIEW_INTEXT@ allow
|
|
|
|
interface-tag: @INTERFACE@@@PORT_TAG_1@ "one"
|
|
interface-tag: @INTERFACE@@@PORT_TAG_2@ "two"
|
|
interface-tag: @INTERFACE@@@PORT_TAG_3@ "refuse"
|
|
interface-tag: @INTERFACE@@@PORT_RPZ_1@ "rpz-one"
|
|
interface-tag: @INTERFACE@@@PORT_RPZ_2@ "rpz-two"
|
|
interface-tag: @INTERFACE@@@PORT_RPZ_NX@ "rpz-nx"
|
|
interface-tag-action: @INTERFACE@@@PORT_TAG_1@ one redirect
|
|
interface-tag-data: @INTERFACE@@@PORT_TAG_1@ one "A 1.1.1.1"
|
|
interface-tag-action: @INTERFACE@@@PORT_TAG_2@ two redirect
|
|
interface-tag-data: @INTERFACE@@@PORT_TAG_2@ two "A 2.2.2.2"
|
|
interface-tag-action: @INTERFACE@@@PORT_TAG_3@ refuse always_refuse
|
|
|
|
interface-view: @INTERFACE@@@PORT_VIEW_INT@ "int"
|
|
interface-view: @INTERFACE@@@PORT_VIEW_EXT@ "ext"
|
|
interface-view: @INTERFACE@@@PORT_VIEW_INTEXT@ "intext"
|
|
|
|
# Local zones configuration
|
|
local-zone: local. transparent
|
|
local-data: "local. A 0.0.0.0"
|
|
local-zone-tag: local. "one two refuse"
|
|
|
|
# Views configuration
|
|
view:
|
|
name: "int"
|
|
view-first: yes
|
|
local-zone: "." refuse
|
|
local-zone: "internal" transparent
|
|
view:
|
|
name: "ext"
|
|
view-first: yes
|
|
local-zone: "internal" refuse
|
|
view:
|
|
name: "intext"
|
|
view-first: yes
|
|
|
|
# RPZ configuration
|
|
rpz:
|
|
name: "rpz-one"
|
|
zonefile: "rpz-one.zone"
|
|
tags: "rpz-one"
|
|
|
|
rpz:
|
|
name: "rpz-two"
|
|
zonefile: "rpz-two.zone"
|
|
tags: "rpz-two"
|
|
|
|
rpz:
|
|
name: "rpz-nx"
|
|
zonefile: "rpz-nx.zone"
|
|
tags: "rpz-nx"
|
|
|
|
# Stubs configuration
|
|
forward-zone:
|
|
name: "."
|
|
forward-addr: @IPV4_ADDR@@@FORWARD_PORT@
|
|
|
|
stub-zone:
|
|
name: "internal"
|
|
stub-addr: @IPV4_ADDR@@@STUB_PORT@
|