From c2c83472859342bf3eec27b348c7d7fad3a93b92 Mon Sep 17 00:00:00 2001 From: cjones Date: Mon, 16 Feb 2026 17:48:16 -0500 Subject: [PATCH] deleting old unbound config under /etc/unbound --- etc/unbound/unbound.conf | 58 ------------------- .../unbound.conf.d/remote-control.conf | 5 -- .../root-auto-trust-anchor-file.conf | 4 -- etc/unbound/unbound.conf.d/zones.conf | 3 - 4 files changed, 70 deletions(-) delete mode 100644 etc/unbound/unbound.conf delete mode 100644 etc/unbound/unbound.conf.d/remote-control.conf delete mode 100644 etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf delete mode 100644 etc/unbound/unbound.conf.d/zones.conf diff --git a/etc/unbound/unbound.conf b/etc/unbound/unbound.conf deleted file mode 100644 index f5a23dc..0000000 --- a/etc/unbound/unbound.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Unbound configuration file for Debian. -# -# See the unbound.conf(5) man page. -# -# See /usr/share/doc/unbound/examples/unbound.conf for a commented -# reference config file. -# -# The following line includes additional configuration files from the -# /etc/unbound/unbound.conf.d directory. -include-toplevel: "/etc/unbound/unbound.conf.d/*.conf" - - server: - # location of the trust anchor file that enables DNSSEC - # auto-trust-anchor-file: "/var/lib/unbound/root.key" - # send minimal amount of information to upstream servers to enhance privacy - qname-minimisation: yes - # the interface that is used to connect to the network (this will listen to all interfaces) - interface: 0.0.0.0 - # interface: ::0 - private-address: 192.168.0.0/16 - private-address: 100.64.0.0/10 - - # addresses from the IP range that are allowed to connect to the resolver - access-control: 192.168.88.0/24 allow - # explicitly allow localhost access - access-control: 127.0.0.0/8 allow - # allow Tailnet - access-control: 100.64.0.0/10 allow - # uncomment the following line to allow Tailnet IPv6 - # access-control: fd7a:115c:a1e0::/48 allow - - access-control-view: 192.168.88.0/24 lan - access-control-view: 100.64.0.0/10 tailnet - - do-ip4: yes - do-ip6: no - do-udp: yes - do-tcp: yes - -view: - name: "lan" - view-first: yes - local-zone: "example.com." transparent - local-data: "nextcloud.example.com. A 192.168.88.231" - local-data: "photo.example.com. A 192.168.88.231" - local-data: "gitea.example.com. A 192.168.88.231" - local-data: "portainer.example.com. A 192.168.88.231" - local-data: "vaultwarden.example.com. A 192.168.88.231" - -view: - name: "tailnet" - view-first: yes - local-zone: "example.com." transparent - local-data: "nextcloud.example.com. A 100.81.165.11" - local-data: "photo.example.com. A 100.81.165.11" - local-data: "gitea.example.com. A 100.81.165.11" - local-data: "portainer.example.com. A 100.81.165.11" - local-data: "vaultwarden.example.com. A 100.81.165.11" diff --git a/etc/unbound/unbound.conf.d/remote-control.conf b/etc/unbound/unbound.conf.d/remote-control.conf deleted file mode 100644 index 6c18bd7..0000000 --- a/etc/unbound/unbound.conf.d/remote-control.conf +++ /dev/null @@ -1,5 +0,0 @@ -remote-control: - control-enable: yes - # by default the control interface is is 127.0.0.1 and ::1 and port 8953 - # it is possible to use a unix socket too - control-interface: /run/unbound.ctl diff --git a/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf b/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf deleted file mode 100644 index 433eff9..0000000 --- a/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf +++ /dev/null @@ -1,4 +0,0 @@ -server: - # The following line will configure unbound to perform cryptographic - # DNSSEC validation using the root trust anchor. - auto-trust-anchor-file: "/var/lib/unbound/root.key" diff --git a/etc/unbound/unbound.conf.d/zones.conf b/etc/unbound/unbound.conf.d/zones.conf deleted file mode 100644 index b5f9a6c..0000000 --- a/etc/unbound/unbound.conf.d/zones.conf +++ /dev/null @@ -1,3 +0,0 @@ -auth-zone: - name: objectbrokers.com - zonefile: /etc/unbound/zones/objectbrokers.zone