latest
Getting Started
Installation
Configuration
Use Cases
Resolver for Home Networks
Local DNS (Stub) Resolver for a Single Machine
Core
Performance Tuning
Monitoring and Reporting
Serving Stale Data
Privacy
Aggressive NSEC
DNS-over-HTTPS
Filtering
Tags and Views
Response Policy Zones
Developer
Unbound Library Tutorial
Unbound for Python
Source Code Docs
Manual Pages
unbound(8)
unbound-checkconf(8)
unbound.conf(5)
unbound-host(1)
libunbound(3)
unbound-control(8)
unbound-anchor(8)
Reference
RFC Compliance
History
Docs To-Do List
Unbound
Docs
»
Index
Edit on GitHub
Index
Symbols
|
A
|
B
|
C
|
D
|
E
|
F
|
H
|
I
|
J
|
K
|
L
|
M
|
N
|
O
|
P
|
Q
|
R
|
S
|
T
|
U
|
V
|
Z
Symbols
-4
command line option
,
[1]
-6
command line option
,
[1]
-a file
command line option
-b address
command line option
-c cfgfile
command line option
,
[1]
-c class
command line option
-C configfile
command line option
-c file
command line option
-C unbound.conf
command line option
-D
command line option
-d
command line option
,
[1]
-F
command line option
-f
command line option
-f keyfile
command line option
-F namedkeyfile
command line option
-f resolv.conf
command line option
-h
command line option
,
[1]
,
[2]
,
[3]
,
[4]
-l
command line option
-n name
command line option
-o option
command line option
-p
command line option
-P port
command line option
-q
command line option
-R
command line option
-r
command line option
-r root.hints
command line option
-S
command line option
-s path
command line option
-s server[@port]
command line option
-t type
command line option
-u name
command line option
-V
command line option
-v
command line option
,
[1]
,
[2]
-x path
command line option
-y key
command line option
A
access-control-tag-action: <IP netblock> <tag> <action>
access-control-tag-data: <IP netblock> <tag> <"resource record string">
access-control-tag: <IP netblock> <"list of tags">
access-control-view: <IP netblock> <view name>
access-control: <IP netblock> <action>
add-holddown: <seconds>
Aggressive NSEC
aggressive-nsec: <yes or no>
allow-notify: <IP address or host name or netblockIP / prefix>
allow-notify: <IP address or host name or netblockIP/prefix>
auto-trust-anchor-file: <filename>
B
backend: <backend name>
C
cache-max-negative-ttl: <seconds>
cache-max-ttl: <seconds>
cache-min-ttl: <seconds>
caps-exempt: <domain>
caps-whitelist: <yes or no>
cfgfile
command line option
chroot: <directory>
client-subnet-always-forward: <yes or no>
client-subnet-zone: <domain>
command line option
-4
,
[1]
-6
,
[1]
-a file
-b address
-c cfgfile
,
[1]
-c class
-C configfile
-c file
-C unbound.conf
-d
,
[1]
-D
-F
-f
-f keyfile
-F namedkeyfile
-f resolv.conf
-h
,
[1]
,
[2]
,
[3]
,
[4]
-l
-n name
-o option
-p
-P port
-q
-R
-r
-r root.hints
-S
-s path
-s server[@port]
-t type
-u name
-v
,
[1]
,
[2]
-V
-x path
-y key
cfgfile
hostname
control-cert-file: <certificate file.pem>
control-enable: <yes or no>
control-interface: <ip address or path>
control-key-file: <private key file>
control-port: <port number>
control-use-cert: <yes or no>
D
define-tag: <"list of tags">
del-holddown: <seconds>
delay-close: <msec>
deny-any: <yes or no>
directory: <directory>
disable-dnssec-lame-check: <yes or no>
dns64-ignore-aaaa: <name>
dns64-prefix: <IPv6 prefix>
dns64-synthall: <yes or no>
dnscrypt-enable: <yes or no>
dnscrypt-nonce-cache-size: <memory size>
dnscrypt-nonce-cache-slabs: <number>
dnscrypt-port: <port number>
dnscrypt-provider-cert-rotated: <path to cert file>
dnscrypt-provider-cert: <path to cert file>
dnscrypt-provider: <provider name>
dnscrypt-secret-key: <path to secret key file>
dnscrypt-shared-secret-cache-size: <memory size>
dnscrypt-shared-secret-cache-slabs: <number>
DNSSEC-Validated cache
dnstap-bidirectional: <yes or no>
dnstap-enable: <yes or no>
dnstap-identity: <string>
dnstap-ip: <IPaddress[@port]>
dnstap-log-client-query-messages: <yes or no>
dnstap-log-client-response-messages: <yes or no>
dnstap-log-forwarder-query-messages: <yes or no>
dnstap-log-forwarder-response-messages: <yes or no>
dnstap-log-resolver-query-messages: <yes or no>
dnstap-log-resolver-response-messages: <yes or no>
dnstap-send-identity: <yes or no>
dnstap-send-version: <yes or no>
dnstap-socket-path: <file name>
dnstap-tls-cert-bundle: <file name of cert bundle>
dnstap-tls-client-cert-file: <file name>
dnstap-tls-client-key-file: <file name>
dnstap-tls-server-name: <name of TLS authentication>
dnstap-tls: <yes or no>
dnstap-version: <string>
do-daemonize: <yes or no>
do-ip4: <yes or no>
do-ip6: <yes or no>
do-not-query-address: <IP address>
do-not-query-localhost: <yes or no>
do-tcp: <yes or no>
do-udp: <yes or no>
domain-insecure: <domain name>
dynlib-file: <dynlib file>
E
edns-buffer-size: <number>
edns-client-string-opcode: <opcode>
edns-client-string: <IP netblock> <string>
edns-tcp-keepalive-timeout: <msec>
edns-tcp-keepalive: <yes or no>
extended-statistics: <yes or no>
F
fallback-enabled: <yes or no>
fast-server-num: <number>
fast-server-permil: <number>
for-downstream: <yes or no>
for-upstream: <yes or no>
forward-addr: <IP address>
forward-first: <yes or no>
forward-host: <domain name>
forward-no-cache: <yes or no>
forward-ssl-upstream: <yes or no>
forward-tcp-upstream: <yes or no>
forward-tls-upstream: <yes or no>
H
harden-algo-downgrade: <yes or no>
harden-below-nxdomain: <yes or no>
harden-dnssec-stripped: <yes or no>
harden-glue: <yes or no>
harden-large-queries: <yes or no>
harden-referral-path: <yes or no>
harden-short-bufsize: <yes or no>
hide-http-user-agent: <yes or no>
hide-identity: <yes or no>
hide-trustanchor: <yes or no>
hide-version: <yes or no>
home.arpa (RFC 8375)
hostname
command line option
http-endpoint: <endpoint string>
http-max-streams: <number of streams>
http-nodelay: <yes or no>
http-notls-downstream: <yes or no>
http-query-buffer-size: <size in bytes>
http-response-buffer-size: <size in bytes>
http-user-agent: <string>
https-port: <number>
I
identity: <string>
ignore-cd-flag: <yes or no>
incoming-num-tcp: <number>
infra-cache-min-rtt: <msec>
infra-cache-numhosts: <number>
infra-cache-slabs: <number>
infra-host-ttl: <seconds>
infra-keep-probing: <yes or no>
insecure-lan-zones: <yes or no>
interface-automatic: <yes or no>
interface: <ip address[@port]>
invalid (RFC 6761)
ip-address: <ip address[@port]>
ip-dscp: <number>
ip-freebind: <yes or no>
ip-ratelimit-factor: <number>
ip-ratelimit-size: <memory size>
ip-ratelimit-slabs: <number>
ip-ratelimit: <number or 0>
ip-transparent: <yes or no>
ipsecmod-allow: <domain>
ipsecmod-enabled: <yes or no>
ipsecmod-hook: <filename>
ipsecmod-ignore-bogus: <yes or no>
ipsecmod-max-ttl: <seconds>
ipsecmod-strict: <yes or no>
ipsecmod-whitelist: <yes or no>
J
jostle-timeout: <msec>
K
keep-missing: <seconds>
key-cache-size: <number>
key-cache-slabs: <number>
L
local-data-ptr: "IP addr name"
local-data-ptr: "IPaddr name"
local-data: "<resource record string>"
local-data: '<resource record string>'
local-zone-override: <zone> <IP netblock> <type>
local-zone-tag: <zone> <"list of tags">
local-zone: <zone> <type>
local-zone: <zone> <type>
localhost
log-identity: <string>
log-local-actions: <yes or no>
log-queries: <yes or no>
log-replies: <yes or no>
log-servfail: <yes or no>
log-tag-queryreply: <yes or no>
log-time-ascii: <yes or no>
logfile: <filename>
M
master: <IP address or host name>
master: <IP address or hostname>
max-client-subnet-ipv4: <number>
max-client-subnet-ipv6: <number>
max-ecs-tree-size-ipv4: <number>
max-ecs-tree-size-ipv6: <number>
max-reuse-tcp-queries: <number>
max-udp-size: <number>
min-client-subnet-ipv4: <number>
min-client-subnet-ipv6: <number>
minimal-responses: <yes or no>
module-config: <"module names">
msg-buffer-size: <number>
msg-cache-size: <number>
msg-cache-slabs: <number>
N
name: <domain name>
name: <domainname>
name: <view name>
name: <zone name>
neg-cache-size: <number>
NSEC records
nsid: <string>
num-queries-per-thread: <number>
num-threads: <number>
O
onion (RFC 7686)
outbound-msg-retry: <number>
outgoing-interface: <ip address or ip6 netblock>
outgoing-num-tcp: <number>
outgoing-port-avoid: <port number or range>
outgoing-port-permit: <port number or range>
outgoing-range: <number>
outgoing-tcp-mss: <number>
P
pad-queries-block-size: <number>
pad-queries: <yes or no>
pad-responses-block-size: <number>
pad-responses: <yes or no>
permit-small-holddown: <yes or no>
pidfile: <filename>
port: <port number>
prefer-ip4: <yes or no>
prefer-ip6: <yes or no>
prefetch-key: <yes or no>
prefetch: <yes or no>
primary: <IP address or host name>
primary: <IP address or hostname>
private-address: <IP address or subnet>
private-domain: <domain name>
Q
qname-minimisation-strict: <yes or no>
qname-minimisation: <yes or no>
R
ratelimit-below-domain: <domain> <number qps or 0>
ratelimit-factor: <number>
ratelimit-for-domain: <domain> <number qps or 0>
ratelimit-size: <memory size>
ratelimit-slabs: <number>
ratelimit: <number or 0>
redis-expire-records: <yes or no>
redis-server-host: <server address or name>
redis-server-port: <port number>
redis-timeout: <msec>
Response Policy Zones
response-ip-data: <IP-netblock> <"resource record string">
response-ip-tag: <IP-netblock> <"list of tags">
response-ip: <IP-netblock> <action>
reverse IPv4 loopback
reverse IPv6 Example Prefix
reverse IPv6 loopback
reverse RFC 1918 local use zones
reverse RFC 3330 IP4 this, link-local, testnet and broadcast
reverse RFC 4193 IPv6 Locally Assigned Local Addresses
reverse RFC 4291 IP6 unspecified
reverse RFC 4291 IPv6 Link Local Addresses
RFC
RFC 1034
RFC 1035
RFC 1101
RFC 1123
RFC 1183
RFC 1337
RFC 1521
RFC 1706
RFC 1712
RFC 1876
RFC 1918
,
[1]
,
[2]
,
[3]
RFC 1982
RFC 1995
RFC 1996
RFC 2163
RFC 2181
RFC 2182
RFC 2230
RFC 2253
RFC 2308
,
[1]
RFC 2535
RFC 2536
RFC 2537
RFC 2538
RFC 2539
RFC 2606
RFC 2671
RFC 2672
RFC 2673
RFC 2782
RFC 2874
RFC 2915
RFC 2930
RFC 3110
RFC 3123
RFC 3225
RFC 3330
RFC 3526
RFC 3597
RFC 3779
RFC 4007
RFC 4025
RFC 4033
RFC 4034
,
[1]
,
[2]
RFC 4035
,
[1]
RFC 4193
RFC 4255
RFC 4291
,
[1]
RFC 4343
RFC 4398
RFC 4431
RFC 4509
RFC 4592
,
[1]
RFC 4597
RFC 4697
RFC 4701
RFC 5001
RFC 5011
,
[1]
,
[2]
,
[3]
,
[4]
,
[5]
,
[6]
,
[7]
,
[8]
RFC 5114
RFC 5155
RFC 5205
RFC 5358
RFC 5452
RFC 5702
RFC 5933
RFC 6147
RFC 6234
RFC 6303
RFC 6598
RFC 6604
RFC 6605
RFC 6672
RFC 6698
RFC 6725
RFC 6742
RFC 6761
,
[1]
,
[2]
RFC 6840
RFC 6844
RFC 6891
RFC 6975
RFC 7043
RFC 7344
RFC 7413
RFC 7477
RFC 7553
RFC 7646
RFC 7686
,
[1]
RFC 7706
RFC 7816
RFC 7830
RFC 7858
RFC 7871
RFC 7929
RFC 7958
,
[1]
,
[2]
RFC 8020
,
[1]
RFC 8080
RFC 8145
,
[1]
RFC 8162
RFC 8198
,
[1]
,
[2]
RFC 8310
RFC 8375
,
[1]
RFC 8467
RFC 8482
RFC 8484
RFC 8509
RFC 8624
RFC 8767
,
[1]
,
[2]
,
[3]
,
[4]
RFC 8767#section-4
RFC 8767#section-5-11
RFC 8806
RFC 8976
root-hints: <filename>
root-key-sentinel: <yes or no>
RPZ
RPZ actions
RPZ policies
rpz-action-override: <action>
rpz-cname-override: <domain>
rpz-log-name: <name>
rpz-log: <yes or no>
rrset-cache-size: <number>
rrset-cache-slabs: <number>
rrset-roundrobin: <yes or no>
S
secret-seed: <"secret string">
send-client-subnet: <IP address>
serve-expired-client-timeout: <msec>
serve-expired-reply-ttl: <seconds>
serve-expired-ttl-reset: <yes or no>
serve-expired-ttl: <seconds>
serve-expired: <yes or no>
serve-original-ttl: <yes or no>
server-cert-file: <certificate file.pem>
server-key-file: <private key file>
so-rcvbuf: <number>
so-reuseport: <yes or no>
so-sndbuf: <number>
ssl-cert-bundle: <file>
ssl-port: <number>
ssl-service-key: <file>
ssl-service-pem: <file>
ssl-upstream: <yes or no>
statistics-cumulative: <yes or no>
statistics-interval: <seconds>
stream-wait-size: <number>
stub-addr: <IP address>
stub-first: <yes or no>
stub-host: <domain name>
stub-no-cache: <yes or no>
stub-prime: <yes or no>
stub-ssl-upstream: <yes or no>
stub-tcp-upstream: <yes or no>
stub-tls-upstream: <yes or no>
T
Tags
tags: <list of tags>
target-fetch-policy: <"list of numbers">
tcp-auth-query-timeout: <number>
tcp-connection-limit: <IP netblock> <limit>
tcp-idle-timeout: <msec>
tcp-mss: <number>
tcp-reuse-timeout: <msec>
tcp-upstream: <yes or no>
test (RFC 6761)
tls-additional-port: <portnr>
tls-cert-bundle: <file>
tls-ciphers: <string with cipher list>
tls-ciphersuites: <string with ciphersuites list>
tls-port: <number>
tls-service-key: <file>
tls-service-pem: <file>
tls-session-ticket-keys: <file>
tls-upstream: <yes or no>
tls-use-sni: <yes or no>
tls-win-cert: <yes or no>
trust-anchor-file: <filename>
trust-anchor-signaling: <yes or no>
trust-anchor: <"Resource Record">
trusted-keys-file: <filename>
U
ub_cancel
ub_ctx_add_ta
ub_ctx_add_ta_autr
ub_ctx_add_ta_file
ub_ctx_async
ub_ctx_config
ub_ctx_create
ub_ctx_data_add
ub_ctx_data_remove
ub_ctx_debuglevel
ub_ctx_debugout
ub_ctx_delete
ub_ctx_get_option
ub_ctx_hosts
ub_ctx_print_local_zones
ub_ctx_resolvconf
ub_ctx_set_fwd
ub_ctx_set_option
ub_ctx_set_stub
ub_ctx_set_tls
ub_ctx_trustedkeys
ub_ctx_zone_add
ub_ctx_zone_remove
ub_fd
ub_poll
ub_process
ub_resolve
ub_resolve_async
ub_resolve_free
ub_strerror
ub_wait
udp-connect: <yes or no>
udp-upstream-without-downstream: <yes or no>
unblock-lan-zones: <yes or no>
unknown-server-time-limit: <msec>
unwanted-reply-threshold: <number>
url: <url to zone file>
url: <url to zonefile>
use-caps-for-id: <yes or no>
use-syslog: <yes or no>
use-systemd: <yes or no>
username: <name>
V
val-bogus-ttl: <number>
val-clean-additional: <yes or no>
val-log-level: <number>
val-max-restart: <number>
val-nsec3-keysize-iterations: <"list of values">
val-override-date: <rrsig-style date spec>
val-permissive-mode: <yes or no>
val-sig-skew-max: <seconds>
val-sig-skew-min: <seconds>
verbosity: <number>
version: <string>
view-first: <yes or no>
Views
Z
zonefile: <file name>
zonefile: <filename>
zonemd-check: <yes or no>
zonemd-permissive-mode: <yes or no>
zonemd-reject-absence: <yes or no>
Read the Docs
v: latest
Versions
latest
rpz-rewrite
Downloads
pdf
html
epub
On Read the Docs
Project Home
Builds
Free document hosting provided by
Read the Docs
.