From c535a8e4974bdc71f14d0f396a7a01e686aa610f Mon Sep 17 00:00:00 2001
From: Jiri Kalvoda <jirikalvoda@kam.mff.cuni.cz>
Date: Thu, 23 May 2024 11:47:33 +0200
Subject: [PATCH] UNBOUND

---
 network/dns/unbound.conf | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/network/dns/unbound.conf b/network/dns/unbound.conf
index e4f14eb..da40bed 100644
--- a/network/dns/unbound.conf
+++ b/network/dns/unbound.conf
@@ -176,7 +176,7 @@ server:
 
 	# The number of retries, per upstream nameserver in a delegation, when
 	# a throwaway response (also timeouts) is received.
-	# outbound-msg-retry: 5
+	outbound-msg-retry: 10
 
 	# Hard limit on the number of outgoing queries Unbound will make while
 	# resolving a name, making sure large NS sets do not loop.
@@ -446,7 +446,7 @@ server:
 	# log-local-actions: no
 
 	# print log lines that say why queries return SERVFAIL to clients.
-	# log-servfail: no
+	log-servfail: yes
 
 	# the pid file. Can be an absolute path outside of chroot/work dir.
 	# pidfile: "/run/unbound.pid"
@@ -577,6 +577,9 @@ server:
 	domain-insecure: "home"
 	domain-insecure: "lan"
 
+	domain-insecure: "dyn.blatto.eu"
+	domain-insecure: "cdwifi.cz"
+
 	# If nonzero, unwanted replies are not only reported in statistics,
 	# but also a running total is kept per thread. If it reaches the
 	# threshold, a warning is printed and a defensive action is taken,
@@ -597,7 +600,7 @@ server:
 	prefetch: yes
 
 	# if yes, perform key lookups adjacent to normal lookups.
-	# prefetch-key: no
+	prefetch-key: yes
 
 	# deny queries of type ANY with an empty response.
 	# deny-any: no
@@ -666,7 +669,7 @@ server:
 
 	# The time to live for bogus data, rrsets and messages. This avoids
 	# some of the revalidation, until the time interval expires. in secs.
-	# val-bogus-ttl: 60
+	val-bogus-ttl: 1
 
 	# The signature inception and expiration dates are allowed to be off
 	# by 10% of the signature lifetime (expir-incep) from our local clock.
@@ -1344,4 +1347,12 @@ remote-control:
 # 	forward-first: yes
 # 	forward-no-cache: no
 
-include: "/etc/unbound/resolvconf.conf"
+forward-zone:
+        name: "blatto.eu"
+        forward-addr: 2a01:510:d504:751b::1
+
+
+forward-zone:
+	name: "."
+	forward-addr: 2a01:510:d504:751b::1
+
-- 
GitLab