.\" .\" unbound.conf.5 -- unbound.conf manual .\" .\" Copyright (c) 2007, NLnet Labs. All rights reserved. .\" .\" See LICENSE for the license. .\" .\" .Dd @date@ .Os FreeBSD .Dt unbound.conf 5 .Sh NAME .Nm unbound.conf .Nd Unbound configuration file. .Sh SYNOPSIS .Nm unbound.conf .Sh DESCRIPTION .Ic unbound.conf is used to configure .Xr unbound 8 . The file format has attributes and values. Some attributes have attributes inside them. The notation is: attribute: value. Comments start with # and last to the end of line. Empty lines are ignored as is whitespace at the beginning of a line. .El .Sh FILE FORMAT There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute is followed by its containing attributes, or a value. .Pp Files can be included using the .Ic include: directive. It can appear anywhere, and takes a single filename as an argument. Processing continues as if the text from the included file was copied into the config file at that point. .Ss Server Options There may only be one .Ic server: clause. .Bl -tag -width indent .It \fBverbosity:\fR The verbosity number, level 0 means no verbosity, only errors. Level 1 gives operational information. Level 2 gives query level information, output per query. Level 3 gives algorithm level information. Default is level 1. The verbosity can also be increased from the commandline, see .Xr unbound 8 . .It \fBnum-threads:\fR The number of threads to create to serve clients. Use 1 for no threading. .It \fBport:\fR The port number, default 53, on which the server responds to queries. .It \fBinterface:\fR Interface to use to connect to the network. Can be given multiple times to work on several interfaces. If none are given the default (all) is used. .It \fBoutgoing-port:\fR The starting port number where the outgoing query port range is allocated. Default is 1053. .It \fBoutgoing-range:\fR Number of ports to open. This number is opened per thread for every outgoing query interface. Must be at least 1. Default is 16. Larger numbers give more protection against spoofing attempts, but need extra resources from the operating system. .It \fBmsg-cache-size:\fR Number of bytes size of the message cache. Default is 4 megabytes. .It \fBmsg-cache-slabs:\fR Number of slabs in the message cache. Slabs reduce lock contention by threads. Must be set to a power of 2. Setting (close) to the number of cpus is a reasonable guess. .It \fBnum-queries-per-thread:\fR The number of queries that every thread will service simultaneously. .It \fBrrset-cache-size:\fR Number of bytes size of the RRset cache. Default is 4 megabytes. .It \fBrrset-cache-slabs:\fR Number of slabs in the RRset cache. Slabs reduce lock contention by threads. Must be set to a power of 2. .It \fBdo-ip4:\fR Enable or disable whether ip4 queries are answered. Default is yes. .It \fBdo-ip6:\fR Enable or disable whether ip6 queries are answered. Default is yes. .It \fBdo-udp:\fR Enable or disable whether UDP queries are answered. Default is yes. .It \fBdo-tcp:\fR Enable or disable whether TCP queries are answered. Default is yes. .It \fBforward-to:\fR If set (not "") then forwarder mode is enabled. Default is "" (disabled). The ip address is used to forward all DNS queries to. .It \fBforward-to-port:\fR The port on which the remote server is running that answers forwarded queries. Default is 53. .It \fBchroot:\fR If given a chroot is done to the given directory. The default is none (""). .It \fBusername:\fR If given, after binding the port the user privileges are dropped. Default is not to change user, username: "". If this user is not capable of binding the port, reloads (by signal HUP) will still retain the opened ports. If you change the port number in the config file, and that new port number requires privileges, then a restart is needed. .It \fBdirectory:\fR Sets the working directory for the program. .It \fBlogfile:\fR If "" is given, logging goes to stderr, or nowhere once daemonized. The logfile is appended to, in the following format: [seconds since 1970] unbound[pid:tid]: type: message. .It \fBpidfile:\fR The process id is written to the file. Default is "unbound.pid". So, kill -HUP `cat /etc/unbound/unbound.pid` will trigger a reload, kill -QUIT `cat /etc/unbound/unbound.pid` will gracefully terminate. .Sh FILES .Bl -tag -width indent .It Pa unbound.conf unbound configuration file. .El .Sh SEE ALSO .Xr unbound 8 .Sh AUTHORS .Ic Unbound was written by NLnet Labs. Please see CREDITS file in the distribution for further details.