cd5cae33ce
this changes unbound to listen to 127.0.0.150 (150 is roman CL) we cannot only bind on docker bridge because unbound is relied upon for the initial domain setup. docker itself is only initialized when the platform initializes
22 lines
692 B
Plaintext
22 lines
692 B
Plaintext
# Unbound is used primarily for RBL queries (host 2.0.0.127.zen.spamhaus.org)
|
|
# We cannot use dnsmasq because it is not a recursive resolver and defaults to the value in the interfaces file (which is Google DNS!)
|
|
|
|
server:
|
|
port: 53
|
|
interface: 127.0.0.150
|
|
interface: 172.18.0.1
|
|
ip-freebind: yes
|
|
do-ip6: yes
|
|
access-control: 127.0.0.1 allow
|
|
access-control: 172.18.0.1/16 allow
|
|
cache-max-negative-ttl: 30
|
|
cache-max-ttl: 300
|
|
# enable below for logging to journalctl -u unbound
|
|
# verbosity: 5
|
|
# log-queries: yes
|
|
|
|
# https://github.com/NLnetLabs/unbound/issues/806
|
|
remote-control:
|
|
control-enable: no
|
|
|