# The server clause sets the main parameters. server: verbosity: 1 statistics-interval: 0 statistics-cumulative: no extended-statistics: no num-threads: 4 interface: 200.17.33.89 interface-automatic: no port: 53 outgoing-interface: 200.17.33.89 outgoing-range: 100 outgoing-num-tcp: 50 incoming-num-tcp: 50 so-reuseport: no edns-buffer-size: 4096 max-udp-size: 4096 msg-buffer-size: 65552 msg-cache-size: 128m do-ip4: yes do-ip6: yes do-udp: yes do-tcp: yes do-daemonize: yes # control which clients are allowed to make (recursive) queries # to this server. Specify classless netblocks with /size and action. # By default everything is refused, except for localhost. # Choose deny (drop message), refuse (polite error reply), # allow (recursive ok), allow_snoop (recursive and nonrecursive ok) # deny_non_local (drop queries unless can be answered from local-data) # refuse_non_local (like deny_non_local but polite error reply). access-control: 127.0.0.0/8 allow access-control: 200.17.33.0/24 allow access-control: 200.17.32.0/24 allow access-control: 186.225.63.200/29 allow access-control: 187.19.201.48/29 allow access-control: 201.20.93.170/29 allow access-control: 200.129.0.33/32 allow access-control: 200.129.0.34/32 allow access-control: 200.129.9.0/24 allow access-control: 200.129.10.0/24 allow access-control: 200.129.11.0/24 allow access-control: 200.129.16.0/24 allow access-control: 200.129.17.0/24 allow access-control: 200.129.18.0/26 allow access-control: 200.129.18.64/26 allow access-control: 200.129.18.128/26 allow access-control: 200.129.24.0/24 allow access-control: 200.129.25.0/24 allow access-control: 200.129.46.0/24 allow access-control: 200.129.48.0/24 allow access-control: 201.20.97.248/29 allow access-control: 201.20.98.0/29 allow chroot: "/usr/local/etc/unbound" username: "unbound" directory: "/usr/local/etc/unbound" logfile: "/usr/local/etc/unbound/unbound.log" use-syslog: no log-time-ascii: no log-queries: no pidfile: "/usr/local/etc/unbound/unbound.pid" root-hints: "/usr/local/etc/unbound/root.hints" hide-identity: yes hide-version: yes identity: "Servidor de DNS recursivo do IFCE" remote-control: control-enable: no control-interface: 127.0.0.1