tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

unbound: Add some configuration options.

This commit is contained in:
Andrea Dell'Amico 2020-06-17 17:53:11 +02:00
parent 239486756d
commit ee6b7be6a2
2 changed files with 25 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
library/roles/unbound-resolver/defaults/main.yml
View File

@ -27,11 +27,22 @@ unbound_so_sndbuf: 4m
# Faster UDP with multithreading (only on Linux). # Faster UDP with multithreading (only on Linux).
unbound_so_reuseport: 'yes' unbound_so_reuseport: 'yes'
# with libevent # with libevent
unbound_outgoing_range: 8192
unbound_num_queries_per_thread: 4096 unbound_num_queries_per_thread: 4096
unbound_max_negative_ttl: 3600 unbound_max_negative_ttl: 3600
unbound_hide_identity: 'yes'
unbound_hide_version: 'yes'
unbound_qname_minimisation: 'no'
unbound_val_clean_additional: 'yes'
# The following is experimental
unbound_use_caps_for_id: 'no'
unbound_unwanted_reply_threshold: '10000000'
unbound_do_not_query_localhost: 'no'
unbound_rrset_roundrobin: 'yes'
unbound_unblock_lan_zones: 'no'
unbound_do_ipv6: 'yes'
unbound_private_addresses: [] unbound_private_addresses: []
unbound_private_domains: [] unbound_private_domains: []
# Stub zones # Stub zones

32
library/roles/unbound-resolver/templates/unbound-server.conf
View File

@ -26,7 +26,7 @@ server:
# more outgoing connections # more outgoing connections
# depends on number of cores: 1024/cores - 50 # depends on number of cores: 1024/cores - 50
outgoing-range: {{ 1024 // unbound_threads - 50 }} outgoing-range: {{ 1024 * unbound_threads - 50 }}
# Larger socket buffer. OS may need config. # Larger socket buffer. OS may need config.
so-rcvbuf: {{ unbound_so_rcvbuf }} so-rcvbuf: {{ unbound_so_rcvbuf }}
@ -38,24 +38,18 @@ server:
# Faster UDP with multithreading (only on Linux). # Faster UDP with multithreading (only on Linux).
so-reuseport: {{ unbound_so_reuseport }} so-reuseport: {{ unbound_so_reuseport }}
# with libevent # with libevent
outgoing-range: {{ unbound_outgoing_range }} num-queries-per-thread: {{ unbound_num_queries_per_thread }}
num-queries-per-thread: {{ unbound_num_queries_per_thread }} hide-identity: {{ unbound_hide_identity }}
hide-identity: yes hide-version: {{ unbound_hide_version }}
hide-version: yes qname-minimisation: {{ unbound_qname_minimisation }}
harden-short-bufsize: yes # The following is experimental
harden-large-queries: yes use-caps-for-id: {{ unbound_use_caps_for_id }}
harden-glue: yes unwanted-reply-threshold: {{ unbound_unwanted_reply_threshold }}
harden-dnssec-stripped: yes do-not-query-localhost: {{ unbound_do_not_query_localhost }}
harden-below-nxdomain: yes rrset-roundrobin: {{ unbound_rrset_roundrobin }}
harden-algo-downgrade: yes val-clean-additional: {{ unbound_val_clean_additional }}
qname-minimisation: yes unblock-lan-zones: {{ unbound_unblock_lan_zones }}
use-caps-for-id: yes do-ip6: {{ unbound_do_ipv6 }}
unwanted-reply-threshold: 10000
do-not-query-localhost: no
prefetch: yes
rrset-roundrobin: yes
minimal-responses: yes
val-clean-additional: yes
# #
{% if ansible_service_mgr == 'systemd' %} {% if ansible_service_mgr == 'systemd' %}
use-systemd: yes use-systemd: yes