diff --git a/unbound/pi-hole.conf b/unbound/pi-hole.conf index 98bc8309..dd3523e8 100644 --- a/unbound/pi-hole.conf +++ b/unbound/pi-hole.conf @@ -1,19 +1,29 @@ -# /etc/unbound/unbound.conf.d/pi-hole.conf - server: + # *** Optimierung **** - # Performance optimization [Zelo72] + ## Anm.: ändern, Werte schon vorhanden cache-min-ttl: 0 + # Achtung: folgender Wert kann Probleme verursachen. Bei Fehlern/Fehlersuche immer testweise diesen Wert zurücksetzen. + # randomisiert Anfragen in Groß-/Kleinschreibung um spoofing zu erschweren + #use-caps-for-id: yes + + ## Anm.: entfernen / auskommentieren #cache-max-ttl: 86400 + + ## Anm.: neue Werte + # increase cache to utilize more RAM msg-cache-size: 128m rrset-cache-size: 256m + + # serve expired entries (but refresh instantly after serving) serve-expired: yes - + + # ********************* + # If no logfile is specified, syslog is used # logfile: "/var/log/unbound/unbound.log" verbosity: 0 - #interface: 127.0.0.1 port: 5335 do-ip4: yes do-udp: yes @@ -22,14 +32,10 @@ server: # May be set to yes if you have IPv6 connectivity do-ip6: yes - # You want to leave this to no unless you have *native* IPv6. With 6to4 and - # Terredo tunnels your web browser should favor IPv4 for the same reasons - prefer-ip6: no - # Use this only when you downloaded the list of primary root servers! root-hints: "/var/lib/unbound/root.hints" - # Trust glue only if it is within the server's authority + # Trust glue only if it is within the servers authority harden-glue: yes # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS @@ -43,11 +49,15 @@ server: # Suggested by the unbound man page to reduce fragmentation reassembly problems edns-buffer-size: 1472 + # TTL bounds for cache + #cache-min-ttl: 3600 + #cache-max-ttl: 86400 + # Perform prefetching of close to expired message cache entries # This only applies to domains that have been frequently queried prefetch: yes - # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1. + # One thread should be sufficient, can be increased on beefy machines num-threads: 1 # Ensure kernel buffer is large enough to not lose messages in traffic spikes diff --git a/unbound/timesyncd.conf b/unbound/timesyncd.conf index ad113f10..c34fb1ed 100644 --- a/unbound/timesyncd.conf +++ b/unbound/timesyncd.conf @@ -1,6 +1,19 @@ -# /etc/systemd/timesyncd.conf +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See timesyncd.conf(5) for details. [Time] -# dismail.de NTP-Server NTP=213.136.94.10 80.241.218.68 78.46.223.134 FallbackNTP=pool.ntp.org +#RootDistanceMaxSec=5 +#PollIntervalMinSec=32 +#PollIntervalMaxSec=2048