In the beginning there was darkness
This commit is contained in:
commit
7a539b2b52
7
Bastillefile
Normal file
7
Bastillefile
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
PKG unbound ca_root_nss
|
||||||
|
CMD mkdir /usr/local/etc/unbound/conf.d
|
||||||
|
CMD fetch https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -o - | grep '^0\.0\.0\.0' | awk '{print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\"\n"}' > /usr/local/etc/unbound/conf.d/ads.conf
|
||||||
|
SYSRC unbound_enable=YES
|
||||||
|
SERVICE unbound start
|
||||||
|
RDR TCP 53 53
|
||||||
|
RDR UDP 53 53
|
92
usr/local/etc/unbound/etc/root.hints
Normal file
92
usr/local/etc/unbound/etc/root.hints
Normal file
@ -0,0 +1,92 @@
|
|||||||
|
; This file holds the information on root name servers needed to
|
||||||
|
; initialize cache of Internet domain name servers
|
||||||
|
; (e.g. reference this file in the "cache . <file>"
|
||||||
|
; configuration file of BIND domain name servers).
|
||||||
|
;
|
||||||
|
; This file is made available by InterNIC
|
||||||
|
; under anonymous FTP as
|
||||||
|
; file /domain/named.cache
|
||||||
|
; on server FTP.INTERNIC.NET
|
||||||
|
; -OR- RS.INTERNIC.NET
|
||||||
|
;
|
||||||
|
; last update: December 20, 2023
|
||||||
|
; related version of root zone: 2023122001
|
||||||
|
;
|
||||||
|
; FORMERLY NS.INTERNIC.NET
|
||||||
|
;
|
||||||
|
. 3600000 NS A.ROOT-SERVERS.NET.
|
||||||
|
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
|
||||||
|
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
|
||||||
|
;
|
||||||
|
; FORMERLY NS1.ISI.EDU
|
||||||
|
;
|
||||||
|
. 3600000 NS B.ROOT-SERVERS.NET.
|
||||||
|
B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
|
||||||
|
B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
|
||||||
|
;
|
||||||
|
; FORMERLY C.PSI.NET
|
||||||
|
;
|
||||||
|
. 3600000 NS C.ROOT-SERVERS.NET.
|
||||||
|
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
|
||||||
|
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
|
||||||
|
;
|
||||||
|
; FORMERLY TERP.UMD.EDU
|
||||||
|
;
|
||||||
|
. 3600000 NS D.ROOT-SERVERS.NET.
|
||||||
|
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
|
||||||
|
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
|
||||||
|
;
|
||||||
|
; FORMERLY NS.NASA.GOV
|
||||||
|
;
|
||||||
|
. 3600000 NS E.ROOT-SERVERS.NET.
|
||||||
|
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
|
||||||
|
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
|
||||||
|
;
|
||||||
|
; FORMERLY NS.ISC.ORG
|
||||||
|
;
|
||||||
|
. 3600000 NS F.ROOT-SERVERS.NET.
|
||||||
|
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
|
||||||
|
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
|
||||||
|
;
|
||||||
|
; FORMERLY NS.NIC.DDN.MIL
|
||||||
|
;
|
||||||
|
. 3600000 NS G.ROOT-SERVERS.NET.
|
||||||
|
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
|
||||||
|
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
|
||||||
|
;
|
||||||
|
; FORMERLY AOS.ARL.ARMY.MIL
|
||||||
|
;
|
||||||
|
. 3600000 NS H.ROOT-SERVERS.NET.
|
||||||
|
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
|
||||||
|
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
|
||||||
|
;
|
||||||
|
; FORMERLY NIC.NORDU.NET
|
||||||
|
;
|
||||||
|
. 3600000 NS I.ROOT-SERVERS.NET.
|
||||||
|
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
|
||||||
|
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
|
||||||
|
;
|
||||||
|
; OPERATED BY VERISIGN, INC.
|
||||||
|
;
|
||||||
|
. 3600000 NS J.ROOT-SERVERS.NET.
|
||||||
|
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
|
||||||
|
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
|
||||||
|
;
|
||||||
|
; OPERATED BY RIPE NCC
|
||||||
|
;
|
||||||
|
. 3600000 NS K.ROOT-SERVERS.NET.
|
||||||
|
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
|
||||||
|
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
|
||||||
|
;
|
||||||
|
; OPERATED BY ICANN
|
||||||
|
;
|
||||||
|
. 3600000 NS L.ROOT-SERVERS.NET.
|
||||||
|
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
|
||||||
|
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
|
||||||
|
;
|
||||||
|
; OPERATED BY WIDE
|
||||||
|
;
|
||||||
|
. 3600000 NS M.ROOT-SERVERS.NET.
|
||||||
|
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
|
||||||
|
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
|
||||||
|
; End of file
|
1
usr/local/etc/unbound/root.key
Normal file
1
usr/local/etc/unbound/root.key
Normal file
@ -0,0 +1 @@
|
|||||||
|
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
|
50
usr/local/etc/unbound/unbound.conf
Normal file
50
usr/local/etc/unbound/unbound.conf
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
## Simple recursive caching DNS, UDP port 53
|
||||||
|
## unbound.conf -- https://calomel.org
|
||||||
|
#
|
||||||
|
server:
|
||||||
|
access-control: 10.0.0.0/8 allow
|
||||||
|
access-control: 127.0.0.0/8 allow
|
||||||
|
access-control: 192.168.0.0/16 allow
|
||||||
|
access-control: 0.0.0.0/0 allow
|
||||||
|
#aggressive-nsec: yes
|
||||||
|
cache-max-ttl: 14400
|
||||||
|
cache-min-ttl: 1200
|
||||||
|
do-ip4: yes
|
||||||
|
do-ip6: yes
|
||||||
|
do-udp: yes
|
||||||
|
do-tcp: yes
|
||||||
|
hide-identity: yes
|
||||||
|
hide-version: yes
|
||||||
|
interface-automatic: yes
|
||||||
|
prefetch: yes
|
||||||
|
root-hints: "etc/root.hints"
|
||||||
|
rrset-roundrobin: yes
|
||||||
|
so-reuseport: yes
|
||||||
|
tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
|
||||||
|
use-caps-for-id: yes
|
||||||
|
verbosity: 0
|
||||||
|
include: "/etc/unbound/conf.d/ads.conf"
|
||||||
|
|
||||||
|
# Unbound from pkg built with libevent; increase threads and slabs to the
|
||||||
|
# number of real cpu cores to reduce lock contention. Increase cache size to
|
||||||
|
# store more records and allow each thread to serve an increased number of
|
||||||
|
# concurrent client requests.
|
||||||
|
# num-threads: 4
|
||||||
|
# msg-cache-slabs: 4
|
||||||
|
# rrset-cache-slabs: 4
|
||||||
|
# infra-cache-slabs: 4
|
||||||
|
# key-cache-slabs: 4
|
||||||
|
# msg-cache-size: 256M
|
||||||
|
# rrset-cache-size: 512M
|
||||||
|
# outgoing-range: 8192
|
||||||
|
# num-queries-per-thread: 4096
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "."
|
||||||
|
forward-tls-upstream: yes
|
||||||
|
forward-addr: 1.0.0.1@853#one.one.one.one
|
||||||
|
forward-addr: 1.1.1.1@853#one.one.one.one
|
||||||
|
forward-addr: 8.8.4.4@853#dns.google
|
||||||
|
forward-addr: 8.8.8.8@853#dns.google
|
||||||
|
forward-addr: 9.9.9.9@853#dns.quad9.net
|
||||||
|
forward-addr: 149.112.112.112@853#dns.quad9.net
|
Loading…
Reference in New Issue
Block a user