Commit Graph

16 Commits

Author SHA1 Message Date
Orazio
9aba6192e7 unbound: block dns rebinding
Blocking RFC 1918 addresses too is unlikely to be useful on your setup, but may be in case you add something like a VPC in the future.
2023-10-04 10:26:16 -04:00
Daniel Micay
9419af1bd6 use af21 for unbound DoT traffic 2023-08-19 00:20:21 -04:00
Tommy
f90943d9e9 Additional unbound hardening 2023-07-09 18:46:33 -04:00
Daniel Micay
312b1a027b switch to unix domain sockets for mastodon 2023-02-17 16:24:35 -05:00
Daniel Micay
53b2431f6b switch to unix socket socket for redis 2023-02-15 02:45:52 -05:00
Daniel Micay
7871fa2d51 add comments for unbound avoid port configuration 2023-02-11 20:29:33 -05:00
Daniel Micay
edbb9158a4 avoid port 7275 (supl) for unbound 2023-02-11 20:23:22 -05:00
Daniel Micay
3c6aeeab3d add Mastodon ports to unbound avoid list 2023-01-10 14:09:10 -05:00
Daniel Micay
3d5f437ec7 allow unbound to use more outbound ports 2022-09-22 13:41:47 -04:00
Daniel Micay
97ad3e7810 unbound: disable unnecessary id/version queries 2022-07-27 02:38:34 -04:00
Daniel Micay
16b58ea6e4 enable strict QNAME minimisation 2022-07-27 02:30:53 -04:00
Daniel Micay
1d9d5df54c unbound: only listen on IPv6 2022-07-10 15:41:10 -04:00
Daniel Micay
710d487e78 qname-minimisation is enabled by default now 2022-07-03 09:30:44 -04:00
Daniel Micay
f5e61e0ca7 unbound: enable prefetch and prefetch-key 2021-09-14 23:58:14 -04:00
Daniel Micay
964473b6c2 add IPv6 DNS resolvers 2021-09-08 04:08:36 -04:00
Daniel Micay
d24d24926a add subset of shared configuration files 2021-07-28 08:23:04 -04:00