diff --git a/unbound/unbound.conf b/unbound/unbound.conf index 3c7780e..d3a0bd2 100644 --- a/unbound/unbound.conf +++ b/unbound/unbound.conf @@ -183,14 +183,14 @@ server: # When it reaches the threshold, a defensive action of clearing the rrset # and message caches is taken, hopefully flushing away any poison. # Unbound suggests a value of 10 million. - unwanted-reply-threshold: 10000 + unwanted-reply-threshold: 10000000 # Use 0x20-encoded random bits in the query to foil spoof attempts. This # perturbs the lowercase and uppercase of query names sent to authority # servers and checks if the reply still has the correct casing. # This feature is an experimental implementation of draft dns-0x20. # Experimental option. - use-caps-for-id: yes + #use-caps-for-id: yes # Help protect users that rely on this validator for authentication from # potentially bad data in the additional section. Instruct the validator to @@ -241,7 +241,7 @@ server: # The number of threads to create to serve clients. # This is set dynamically at run time to effectively use available CPUs # resources - num-threads: 3 + #num-threads: 3 # Number of ports to open. This number of file descriptors can be opened # per thread. @@ -283,6 +283,9 @@ server: # incoming queries to threads more evenly. so-reuseport: yes + # Ensure kernel buffer is large enough to not lose messages in traffic spikes + so-rcvbuf: 1m + ########################################################################### # LOCAL ZONE ###########################################################################