adding main unbound configuration file and top-level readme

2026-02-11 12:11:16 -05:00
commit c3ee46cf37
2 changed files with 38 additions and 0 deletions
--- a/etc/unbound/unbound.conf
+++ b/etc/unbound/unbound.conf
@@ -0,0 +1,36 @@
+# Unbound configuration file for Debian.
+#
+# See the unbound.conf(5) man page.
+#
+# See /usr/share/doc/unbound/examples/unbound.conf for a commented
+# reference config file.
+#
+# The following line includes additional configuration files from the
+# /etc/unbound/unbound.conf.d directory.
+include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
+
+    server:
+    # location of the trust anchor file that enables DNSSEC
+    # auto-trust-anchor-file: "/var/lib/unbound/root.key"
+    # send minimal amount of information to upstream servers to enhance privacy
+    qname-minimisation: yes
+    # the interface that is used to connect to the network (this will listen to all interfaces)
+    interface: 0.0.0.0
+    # interface: ::0
+    # addresses from the IP range that are allowed to connect to the resolver
+    access-control: 192.168.88.0/24 allow
+    # allow Tailnet
+    access-control: 100.64.0.0/10 allow
+    # allow Tailnet IPv6
+    access-control: fd7a:115c:a1e0::/48 allow
+    
+    do-ip4: yes
+    do-ip6: yes
+    do-udp: yes
+    do-tcp: yes
+
+
+remote-control:
+    # allows controlling unbound using "unbound-control"
+    control-enable: yes
+
--- a/readme.md
+++ b/readme.md
@@ -0,0 +1,2 @@
+System configuration files for host teal.  The directory hierarchy under this repo corresponds to the directory hierarchy under / (root) on the host teal.
+
				`@@ -0,0 +1,2 @@`
				`System configuration files for host teal. The directory hierarchy under this repo corresponds to the directory hierarchy under / (root) on the host teal.`