mirror of
https://github.com/optim-enterprises-bv/homelab.git
synced 2025-11-02 10:57:53 +00:00
fix(dns): tweak unbound setting again
Still some intermittent issues with DNS-resolving
This commit is contained in:
Vegard Hagen
@@ -19,8 +19,8 @@ dns:
|
|||||||
ratelimit_subnet_len_ipv6: 56
|
ratelimit_subnet_len_ipv6: 56
|
||||||
ratelimit_whitelist: [ ]
|
ratelimit_whitelist: [ ]
|
||||||
refuse_any: true
|
refuse_any: true
|
||||||
upstream_dns:
|
#upstream_dns:
|
||||||
- 10.96.0.11
|
# - 10.96.0.11
|
||||||
upstream_dns_file: ""
|
upstream_dns_file: ""
|
||||||
bootstrap_dns:
|
bootstrap_dns:
|
||||||
- 10.96.0.11
|
- 10.96.0.11
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ server:
|
|||||||
|
|
||||||
do-ip4: yes
|
do-ip4: yes
|
||||||
do-ip6: yes
|
do-ip6: yes
|
||||||
prefer-ip6: yes
|
prefer-ip6: no
|
||||||
do-tcp: yes
|
do-tcp: yes
|
||||||
do-udp: yes
|
do-udp: yes
|
||||||
|
|
||||||
@@ -24,7 +24,8 @@ server:
|
|||||||
log-servfail: yes
|
log-servfail: yes
|
||||||
|
|
||||||
logfile: /opt/unbound/etc/unbound/unbound.log
|
logfile: /opt/unbound/etc/unbound/unbound.log
|
||||||
verbosity: 2
|
log-time-ascii: yes
|
||||||
|
verbosity: 0
|
||||||
|
|
||||||
infra-cache-slabs: 4
|
infra-cache-slabs: 4
|
||||||
incoming-num-tcp: 10
|
incoming-num-tcp: 10
|
||||||
@@ -34,7 +35,7 @@ server:
|
|||||||
msg-cache-slabs: 4
|
msg-cache-slabs: 4
|
||||||
|
|
||||||
num-queries-per-thread: 4096
|
num-queries-per-thread: 4096
|
||||||
num-threads: 3
|
num-threads: 1
|
||||||
|
|
||||||
outgoing-range: 8192
|
outgoing-range: 8192
|
||||||
|
|
||||||
@@ -47,10 +48,13 @@ server:
|
|||||||
prefetch-key: yes
|
prefetch-key: yes
|
||||||
|
|
||||||
serve-expired: yes
|
serve-expired: yes
|
||||||
|
serve-expired-ttl: 172800 # between 86400 (1 day) and 259200 (3 days)
|
||||||
|
serve-expired-client-timeout: 1800 # RFC 8767 recommended value
|
||||||
|
|
||||||
so-reuseport: yes
|
so-reuseport: yes
|
||||||
|
so-rcvbuf: 1m
|
||||||
|
|
||||||
#aggressive-nsec: yes
|
aggressive-nsec: yes
|
||||||
|
|
||||||
delay-close: 10000
|
delay-close: 10000
|
||||||
|
|
||||||
@@ -60,7 +64,7 @@ server:
|
|||||||
|
|
||||||
neg-cache-size: 4M
|
neg-cache-size: 4M
|
||||||
|
|
||||||
#qname-minimisation: yes
|
qname-minimisation: yes
|
||||||
|
|
||||||
access-control: 127.0.0.1/32 allow
|
access-control: 127.0.0.1/32 allow
|
||||||
access-control: 192.168.0.0/16 allow
|
access-control: 192.168.0.0/16 allow
|
||||||
@@ -112,18 +116,18 @@ server:
|
|||||||
max-global-quota: 1000
|
max-global-quota: 1000
|
||||||
|
|
||||||
# https://github.com/NLnetLabs/unbound/issues/362
|
# https://github.com/NLnetLabs/unbound/issues/362
|
||||||
qname-minimisation: no
|
#qname-minimisation: no
|
||||||
aggressive-nsec: no
|
#aggressive-nsec: no
|
||||||
|
|
||||||
infra-keep-probing: yes
|
infra-keep-probing: yes
|
||||||
infra-cache-min-rtt: 1000
|
infra-cache-min-rtt: 2000
|
||||||
infra-cache-max-rtt: 2000
|
infra-cache-max-rtt: 15000
|
||||||
infra-host-ttl: 10
|
infra-host-ttl: 5
|
||||||
|
|
||||||
outbound-msg-retry: 128
|
outbound-msg-retry: 64
|
||||||
max-sent-count: 256
|
max-sent-count: 128
|
||||||
|
|
||||||
udp-connect: no
|
#udp-connect: no
|
||||||
|
|
||||||
#ede: yes
|
#ede: yes
|
||||||
|
|
||||||
|
|||||||
@@ -3,8 +3,10 @@ kind: Service
|
|||||||
metadata:
|
metadata:
|
||||||
name: unbound
|
name: unbound
|
||||||
namespace: dns
|
namespace: dns
|
||||||
|
annotations:
|
||||||
|
io.cilium/lb-ipam-ips: 192.168.1.252
|
||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
type: LoadBalancer
|
||||||
# https://kubernetes.io/docs/concepts/services-networking/cluster-ip-allocation/
|
# https://kubernetes.io/docs/concepts/services-networking/cluster-ip-allocation/
|
||||||
clusterIP: 10.96.0.11
|
clusterIP: 10.96.0.11
|
||||||
ports:
|
ports:
|
||||||
|
|||||||
Reference in New Issue
Block a user