unbound: tweak settings

This commit is contained in:
Erwin Boskma 2024-03-06 08:16:29 +01:00
parent 767934e2d4
commit dcdc3bbb92
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk

View file

@ -18,6 +18,7 @@
hide-identity = true; hide-identity = true;
hide-version = true; hide-version = true;
identity = "Server";
# Trust glue only if it is within the server's authority # Trust glue only if it is within the server's authority
harden-glue = true; harden-glue = true;
@ -43,17 +44,30 @@
# This attempts to reduce latency by serving the outdated record before # This attempts to reduce latency by serving the outdated record before
# updating it instead of the other way around. Alternative is to increase # updating it instead of the other way around. Alternative is to increase
# cache-min-ttl to e.g. 3600. # cache-min-ttl to e.g. 3600.
cache-min-ttl = 0; cache-min-ttl = 300;
cache-max-ttl = 86400;
serve-expired = true; serve-expired = true;
# Set cache size. rrset-cache-size should be twice what msg-cache-size is
rrset-cache-size = "256m"; rrset-cache-size = "256m";
msg-cache-size = "128m"; msg-cache-size = "128m";
msg-cache-slabs = 4; msg-cache-slabs = 4;
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on
# small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads = 2; num-threads = 2;
# Leave sections that are not requested out of the response message
# Reduces response message significantly and may prevent TCP fallback
# for some responses
minimal-response = true;
# Ensure kernel buffer is large enough to not lose messages in traffic spikes # Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf = "8m"; so-rcvbuf = "8m";
so-sndbuf = "8m";
# Improve UDP performance with multithreading
so-reuseport = true;
# Ensure privacy of local IP ranges # Ensure privacy of local IP ranges
private-address = [ private-address = [