user:gp68:unbound



Unbound Howto

# Unbound server clause: listens on port 53 and on port 853 (DNS over TLS)
# on all IPv4/IPv6 addresses, and uses OpenNIC root hints and an OpenNIC
# trust anchor instead of the ICANN root.
server:
	verbosity: 1
	log-queries: no
	port: 53
	# ----------------------
	# optimizations https://nlnetlabs.nl/documentation/unbound/howto-optimise/
	# ----------------------
	num-threads: 2
	msg-cache-slabs: 2
    	rrset-cache-slabs: 2
    	infra-cache-slabs: 2
    	key-cache-slabs: 2
	so-reuseport: yes
	key-cache-size: 8m # default 4m
	neg-cache-size: 2m # default 1m
	rrset-cache-size: 100m # rrset=msg*2 # default 4m
	msg-cache-size: 50m # default 4m
	# depends on number of cores: 1024/cores - 50
	outgoing-range: 462
	num-queries-per-thread: 231 # outgoing-range/2
	so-rcvbuf: 4m
	so-sndbuf: 4m
	outgoing-num-tcp: 100 #default 10
	incoming-num-tcp: 100 #default 10
	stream-wait-size: 8m #default 4m
	# ----------------------
	statistics-interval: 1200
	# ----------------------
	# NOTE(review): port 53 is already set near the top of this clause;
	# this second occurrence is redundant.
	port: 53
	interface: 0.0.0.0
	interface: ::0
        #
        # TLS setup: the key and certificate chain come from Let's Encrypt.
        # NOTE(review): privkey.pem is the server's private key; it should be
        # readable only by the account unbound runs as. Whether unbound picks
        # up a renewed certificate without a restart/reload should be checked.
        # 
	interface: 0.0.0.0@853
	interface: ::0@853
	tls-service-key: /etc/unbound/privkey.pem
	tls-service-pem: /etc/unbound/fullchain.pem
        # 
	use-syslog: yes
        # First start: create the root hints and the trust anchor file.
	# NOTE(review): these queries go to a hard-coded address over plain DNS,
	# so the answers are not authenticated. The DS record written to
	# opennic.dnskey becomes the root of trust for validation; compare it
	# with a value obtained through an independent channel before use.
	# The second dig line overwrites the file written by the first ('>'
	# truncates), so only the SHA-256 DS (-2) remains; the SHA-1 (-1) line
	# has no lasting effect.
	# drill . ns @161.97.219.84 > named.cache.opennic
	# dig -t DNSKEY . @161.97.219.84 | dnssec-dsfromkey -1 -f - . > opennic.dnskey
	# dig -t DNSKEY . @161.97.219.84 | dnssec-dsfromkey -2 -f - . > opennic.dnskey
	root-hints: "/etc/unbound/named.cache.opennic"
	trust-anchor-file: "/etc/unbound/opennic.dnskey"
	# dnssec not working at the moment for all domains
	# NOTE(review): the two harden-* options below are switched off as a
	# workaround. With harden-dnssec-stripped off, an answer that arrives
	# without DNSSEC data for a signed zone is treated as insecure instead
	# of bogus, so validation can be downgraded by whoever controls the path.
	# With harden-glue off, glue outside a server's authority is trusted,
	# which weakens protection against cache poisoning. Re-enable both once
	# the DNSSEC problem is resolved.
	harden-dnssec-stripped: no
	harden-glue:  no
	aggressive-nsec: no	
	do-not-query-localhost: no
	# NOTE(review): together with the wildcard interface lines above, these
	# two rules allow recursion for every client address, i.e. an open
	# resolver. That looks intentional for a public server, but it makes the
	# host usable as a reflection/amplification source; per-client limiting
	# (see the ratelimit note further down) matters for this setup.
	access-control: 0.0.0.0/0 allow
	access-control: ::0/0 allow
	#
	# NOTE(review): per the Unbound documentation, hide-identity and
	# hide-version make the server refuse id.server / version.bind queries,
	# so the identity and version strings below are presumably never served.
	hide-identity: yes
	identity: "pope.vatican.va"
	hide-version: yes
	version:  "0.0"
	tls-system-cert: yes
	# NOTE(review): 'ratelimit' limits queries sent to the nameservers of a
	# zone; the per-client limit is 'ip-ratelimit', which is commented out
	# here. As written there is no per-client-address rate limit.
	#ip-ratelimit-factor: 10
    	#ip-ratelimit: 60
    	ratelimit: 100
	# The included file is not shown on this page; it is read as part of
	# this server clause.
	include: /etc/unbound/opennic_server.conf
	
# Reverse zones for private, loopback, link-local, documentation and other
# special-use address ranges, set to 'transparent': names with no local-data
# are resolved normally instead of being answered locally.
# NOTE(review): this means reverse lookups for internal addresses are
# presumably forwarded to upstream servers, which exposes internal address
# usage to them; confirm that this is wanted.
# NOTE(review): local-zone is a server-clause option. These lines follow the
# include: directive, so they are only parsed as intended if the included
# file does not open a different clause - confirm.
local-zone: "168.192.in-addr.arpa." transparent
local-zone: "10.in-addr.arpa." transparent
local-zone: "16.172.in-addr.arpa." transparent
local-zone: "17.172.in-addr.arpa." transparent
local-zone: "18.172.in-addr.arpa." transparent
local-zone: "19.172.in-addr.arpa." transparent
local-zone: "20.172.in-addr.arpa." transparent
local-zone: "21.172.in-addr.arpa." transparent
local-zone: "22.172.in-addr.arpa." transparent
local-zone: "23.172.in-addr.arpa." transparent
local-zone: "24.172.in-addr.arpa." transparent
local-zone: "25.172.in-addr.arpa." transparent
local-zone: "26.172.in-addr.arpa." transparent
local-zone: "27.172.in-addr.arpa." transparent
local-zone: "28.172.in-addr.arpa." transparent
local-zone: "29.172.in-addr.arpa." transparent
local-zone: "30.172.in-addr.arpa." transparent
local-zone: "31.172.in-addr.arpa." transparent
local-zone: "0.in-addr.arpa." transparent
local-zone: "127.in-addr.arpa." transparent
local-zone: "254.169.in-addr.arpa." transparent
local-zone: "2.0.192.in-addr.arpa." transparent
local-zone: "100.51.198.in-addr.arpa." transparent
local-zone: "113.0.203.in-addr.arpa." transparent
local-zone: "255.255.255.255.in-addr.arpa." transparent
local-zone: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." transparent
local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." transparent
local-zone: "d.f.ip6.arpa." transparent
local-zone: "8.e.f.ip6.arpa." transparent
local-zone: "9.e.f.ip6.arpa." transparent
local-zone: "a.e.f.ip6.arpa." transparent
local-zone: "b.e.f.ip6.arpa." transparent
local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." transparent
# .onion names are answered locally and never sent upstream; always_null
# answers address queries with 0.0.0.0 / :: rather than NXDOMAIN.
local-zone: "onion." always_null
# Local test zone, kept commented out.
# just an example
#local-zone: "porno." static
#local-data: 'porno. IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800'
#local-data: 'rechner.porno. IN A 127.0.0.1'

# Enables the unbound-control management channel.
# NOTE(review): no control-interface or control-use-cert is set here, so the
# defaults apply (as far as the Unbound documentation describes: localhost
# only, with certificates from unbound-control-setup). Confirm that the
# control port is not reachable from outside the host.
remote-control:
	control-enable: yes
	
#!/usr/bin/perl

use strict;
use warnings;
use XML::Parser;
use Data::Dumper;

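# Print the address(es) found for the "opennic.glue" entry on the OpenNIC
# tier-1 server list: the IPv4 address first, then the IPv6 address, one per
# line. Prints nothing if no matching entry is found.
#
# The page is fetched with TLS certificate verification left enabled. The
# printed address is presumably used to bootstrap root hints and the DNSSEC
# trust anchor (confirm against how the output is consumed), so a forged
# page must not be accepted silently.
my $url = 'https://servers.opennic.org?tier=1';

# List-form pipe open: wget is started without a shell, so the '?' in the
# URL is never subject to glob expansion.
open(my $wget, '-|', 'wget', '-q', '-O', '-', $url)
    or die "cannot run wget: $!\n";
my @bla = <$wget>;

# close() on a pipe returns false when the child exited non-zero, which
# covers network errors as well as a failed certificate check.
close($wget)
    or die "wget failed for $url (exit status " . ($? >> 8) . ")\n";

# Keep only the first line that mentions the glue host.
my ($res) = grep { /opennic\.glue/ } @bla;
$res = "" unless defined $res;

# Strip the markup around the addresses.
$res =~ s/<p>//g;
$res =~ s/<\/p>//g;
$res =~ s/<span>//g;
$res =~ s/<\/span>//g;
$res =~ s/<span\sclass='host'[^>]+>//g;
# Greedy on purpose as in the original: removes the anchor element(s).
$res =~ s/<a.+>(.+)<\/a>//;
# <wbr> becomes ':' - presumably the page splits IPv6 addresses at that tag.
$res =~ s/<wbr>/:/g;

# NOTE(review): the output is scraped text. The IPv4 pattern only admits
# digits and dots; the IPv6 pattern admits any non-space characters after
# the first group, so validate the value before passing it to other tools.
if ( $res =~ />(\d+\.\d+\.\d+\.\d+)</ ) {
    print $1 . "\n";
}
if ( $res =~ />([0-9A-Fa-f]+:\S+)</ ) {
    print $1 . "\n";
}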