Update unwanted-reply-threshhold to 10m per recommendation

Disable use-caps-for-id

Disable num-thread specification

Add so-rcvbuf
This commit is contained in:
stoXe
2021-06-19 02:22:04 +00:00
parent 87bb4b3aef
commit 8cac08d3c4
+6 -3
View File
@@ -183,14 +183,14 @@ server:
# When it reaches the threshold, a defensive action of clearing the rrset
# and message caches is taken, hopefully flushing away any poison.
# Unbound suggests a value of 10 million.
unwanted-reply-threshold: 10000
unwanted-reply-threshold: 10000000
# Use 0x20-encoded random bits in the query to foil spoof attempts. This
# perturbs the lowercase and uppercase of query names sent to authority
# servers and checks if the reply still has the correct casing.
# This feature is an experimental implementation of draft dns-0x20.
# Experimental option.
use-caps-for-id: yes
#use-caps-for-id: yes
# Help protect users that rely on this validator for authentication from
# potentially bad data in the additional section. Instruct the validator to
@@ -241,7 +241,7 @@ server:
# The number of threads to create to serve clients.
# This is set dynamically at run time to effectively use available CPUs
# resources
num-threads: 3
#num-threads: 3
# Number of ports to open. This number of file descriptors can be opened
# per thread.
@@ -283,6 +283,9 @@ server:
# incoming queries to threads more evenly.
so-reuseport: yes
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf: 1m
###########################################################################
# LOCAL ZONE
###########################################################################