ulogd: moved to github
[openwrt.org/packages.git] / net / 001-conf.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -38,6 +38,8 @@ server:
        # interface: 192.0.2.154
        # interface: 192.0.2.154@5003
        # interface: 2001:DB8::5
+       interface: 0.0.0.0
+       interface: ::0
 
        # enable this feature to copy the source address of queries to reply.
        # Socket options are not supported on all platforms. experimental. 
@@ -57,6 +59,7 @@ server:
        # port range that can be open simultaneously.  About double the
        # num-queries-per-thread, or, use as many as the OS will allow you.
        # outgoing-range: 4096
+       outgoing-range: 60
 
        # permit unbound to use this port number or port range for
        # making outgoing queries, using an outgoing interface.
@@ -73,9 +76,11 @@ server:
 
        # number of outgoing simultaneous tcp buffers to hold per thread.
        # outgoing-num-tcp: 10
+       outgoing-num-tcp: 1
 
        # number of incoming simultaneous tcp buffers to hold per thread.
        # incoming-num-tcp: 10
+       incoming-num-tcp: 1
 
        # buffer size for UDP port 53 incoming (SO_RCVBUF socket option).
        # 0 is system default.  Use 4m to catch query spikes for busy servers.
@@ -99,18 +104,22 @@ server:
        # buffer size for handling DNS data. No messages larger than this
        # size can be sent or received, by UDP or TCP. In bytes.
        # msg-buffer-size: 65552
+       msg-buffer-size: 8192
 
        # the amount of memory to use for the message cache.
        # plain value in bytes or you can append k, m or G. default is "4Mb". 
        # msg-cache-size: 4m
+       msg-cache-size: 100k
 
        # the number of slabs to use for the message cache.
        # the number of slabs must be a power of 2.
        # more slabs reduce lock contention, but fragment memory usage.
        # msg-cache-slabs: 4
+       msg-cache-slabs: 1
 
        # the number of queries that a thread gets to service.
        # num-queries-per-thread: 1024
+       num-queries-per-thread: 30
 
        # if very busy, 50% queries run to completion, 50% get timeout in msec
        # jostle-timeout: 200
@@ -121,11 +130,13 @@ server:
        # the amount of memory to use for the RRset cache.
        # plain value in bytes or you can append k, m or G. default is "4Mb". 
        # rrset-cache-size: 4m
+       rrset-cache-size: 100k
 
        # the number of slabs to use for the RRset cache.
        # the number of slabs must be a power of 2.
        # more slabs reduce lock contention, but fragment memory usage.
        # rrset-cache-slabs: 4
+       rrset-cache-slabs: 1
 
        # the time to live (TTL) value lower bound, in seconds. Default 0.
        # If more than an hour could easily give trouble due to stale data.
@@ -143,9 +154,11 @@ server:
        # the number of slabs must be a power of 2.
        # more slabs reduce lock contention, but fragment memory usage.
        # infra-cache-slabs: 4
+       infra-cache-slabs: 1
 
        # the maximum number of hosts that are cached (roundtrip, EDNS, lame).
        # infra-cache-numhosts: 10000
+       infra-cache-numhosts: 200
 
        # Enable IPv4, "yes" or "no".
        # do-ip4: yes
@@ -178,6 +191,8 @@ server:
        # access-control: ::0/0 refuse
        # access-control: ::1 allow
        # access-control: ::ffff:127.0.0.1 allow
+       access-control: 0.0.0.0/0 allow
+       access-control: ::0/0 allow
 
        # if given, a chroot(2) is done to the given directory.
        # i.e. you can chroot to the working directory, for example,
@@ -208,6 +223,7 @@ server:
        # and the given username is assumed. Default is user "unbound".
        # If you give "" no privileges are dropped.
        # username: "@UNBOUND_USERNAME@"
+       username: ""
 
        # the working directory. The relative files in this config are 
        # relative to this directory. If you give "" the working directory
@@ -230,10 +246,12 @@ server:
 
        # the pid file. Can be an absolute path outside of chroot/work dir.
        # pidfile: "@UNBOUND_PIDFILE@"
+       pidfile: "/var/run/unbound.pid"
 
        # file to read root hints from.
        # get one from ftp://FTP.INTERNIC.NET/domain/named.cache
        # root-hints: ""
+       root-hints: "/etc/unbound/named.cache"
 
        # enable to not answer id.server and hostname.bind queries.
        # hide-identity: no
@@ -256,12 +274,15 @@ server:
        #       positive value: fetch that many targets opportunistically.
        # Enclose the list of numbers between quotes ("").
        # target-fetch-policy: "3 2 1 0 0"
+       target-fetch-policy: "2 1 0 0 0 0"
 
        # Harden against very small EDNS buffer sizes. 
        # harden-short-bufsize: no
+       harden-short-bufsize: yes
 
        # Harden against unseemly large queries.
        # harden-large-queries: no
+       harden-large-queries: yes
 
        # Harden against out of zone rrsets, to avoid spoofing attempts. 
        # harden-glue: yes
@@ -342,7 +363,7 @@ server:
        # you start unbound (i.e. in the system boot scripts).  And enable:
        # Please note usage of unbound-anchor root anchor is at your own risk
        # and under the terms of our LICENSE (see that file in the source).
-       # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+       auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
 
        # File with DLV trusted keys. Same format as trust-anchor-file.
        # There can be only one DLV configured, it is trusted from root down.
@@ -428,15 +449,18 @@ server:
        # the amount of memory to use for the key cache.
        # plain value in bytes or you can append k, m or G. default is "4Mb". 
        # key-cache-size: 4m
+       key-cache-size: 100k
 
        # the number of slabs to use for the key cache.
        # the number of slabs must be a power of 2.
        # more slabs reduce lock contention, but fragment memory usage.
        # key-cache-slabs: 4
+       key-cache-slabs: 1
 
        # the amount of memory to use for the negative cache (used for DLV).
        # plain value in bytes or you can append k, m or G. default is "1Mb". 
        # neg-cache-size: 1m
+       neg-cache-size: 10k
 
        # By default, for a number of zones a small default 'nothing here'
        # reply is built-in.  Query traffic is thus blocked.  If you
 
comments