sync with OpenBSD -current

This commit is contained in:
purplerain 2024-04-14 02:31:08 +00:00
parent 137d408ac1
commit e0d126d03b
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
143 changed files with 5355 additions and 3727 deletions

View file

@ -1,7 +1,7 @@
#
# Example configuration file.
#
# See unbound.conf(5) man page, version 1.19.2.
# See unbound.conf(5) man page, version 1.19.3.
#
# this is a comment.
@ -303,6 +303,7 @@ server:
# Choose deny (drop message), refuse (polite error reply),
# allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
# allow_snoop (recursive and nonrecursive ok)
# allow_cookie (allow UDP with valid cookie or stateful transport)
# deny_non_local (drop queries unless can be answered from local-data)
# refuse_non_local (like deny_non_local but polite error reply).
# access-control: 127.0.0.0/8 allow
@ -441,6 +442,9 @@ server:
# filtering log-queries and log-replies from the log.
# log-tag-queryreply: no
# log with destination address, port and type for log-replies.
# log-destaddr: no
# log the local-zone actions, like local-zone type inform is enabled
# also for the other local zone types.
# log-local-actions: no
@ -983,6 +987,13 @@ server:
# if 0(default) it is disabled, otherwise states qps allowed per ip address
# ip-ratelimit: 0
# global query ratelimit for all ip addresses with a valid DNS Cookie.
# feature is experimental.
# if 0(default) it is disabled, otherwise states qps allowed per ip address
# useful in combination with 'allow_cookie'.
# If used, suggested to be higher than ip-ratelimit, tenfold.
# ip-ratelimit-cookie: 0
# ip ratelimits are tracked in a cache, size in bytes of cache (or k,m).
# ip-ratelimit-size: 4m
# ip ratelimit cache slabs, reduces lock contention if equal to cpucount.
@ -1004,6 +1015,14 @@ server:
# the number of servers that will be used in the fast server selection.
# fast-server-num: 3
# reply to requests containing DNS Cookies as specified in RFC 7873 and RFC 9018.
# answer-cookie: no
# secret for DNS Cookie generation.
# useful for anycast deployments.
# example value "000102030405060708090a0b0c0d0e0f".
# cookie-secret: <128 bit random hex string>
# Enable to attach Extended DNS Error codes (RFC8914) to responses.
# ede: no
@ -1150,7 +1169,7 @@ remote-control:
# sources of notifies.
# auth-zone:
# name: "."
# primary: 199.9.14.201 # b.root-servers.net
# primary: 170.247.170.2 # b.root-servers.net
# primary: 192.33.4.12 # c.root-servers.net
# primary: 199.7.91.13 # d.root-servers.net
# primary: 192.5.5.241 # f.root-servers.net
@ -1158,7 +1177,7 @@ remote-control:
# primary: 193.0.14.129 # k.root-servers.net
# primary: 192.0.47.132 # xfr.cjr.dns.icann.org
# primary: 192.0.32.132 # xfr.lax.dns.icann.org
# primary: 2001:500:200::b # b.root-servers.net
# primary: 2801:1b8:10::b # b.root-servers.net
# primary: 2001:500:2::c # c.root-servers.net
# primary: 2001:500:2d::d # d.root-servers.net
# primary: 2001:500:2f::f # f.root-servers.net