WIP: new z9 ccchh router #98
1 changed files with 35 additions and 40 deletions
|
|
@ -2,17 +2,13 @@
|
||||||
# unbound.conf(5) man page
|
# unbound.conf(5) man page
|
||||||
server:
|
server:
|
||||||
{% if unbound_enable_dnssec -%}
|
{% if unbound_enable_dnssec -%}
|
||||||
# disable chroot because unbound is the only thing running on the VM
|
|
||||||
# and because it has issues with how archlinux configures the systemd units write protection regarding the anchor file
|
|
||||||
chroot: ""
|
|
||||||
|
|
||||||
# location of the trust anchor file that enables DNSSEC
|
# location of the trust anchor file that enables DNSSEC
|
||||||
# this file is generated by the `unbound-anchor` command
|
# this file is generated by the `unbound-anchor` command
|
||||||
|
bitwhisker marked this conversation as resolved
Outdated
|
|||||||
auto-trust-anchor-file: "/etc/unbound/trusted-key.key"
|
auto-trust-anchor-file: "/etc/unbound/trusted-key.key"
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
# use all CPUs
|
# use all CPUs
|
||||||
num-threads: 2
|
num-threads: {{ ansible_facts['processor_vcpus'] }}
|
||||||
|
|
||||||
# more cache memory
|
# more cache memory
|
||||||
rrset-cache-size: 60m
|
rrset-cache-size: 60m
|
||||||
|
|
@ -69,5 +65,4 @@ auth-zone:
|
||||||
for-downstream: no
|
for-downstream: no
|
||||||
for-upstream: yes
|
for-upstream: yes
|
||||||
|
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue
Is this still relevant on Debian? Again, we don't use Arch Linux in our infra.