| unbound.conf.5.in (276605) | unbound.conf.5.in (276699) |
|---|---|
| 1.TH "unbound.conf" "5" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1" 2.\" 3.\" unbound.conf.5 -- unbound.conf manual 4.\" 5.\" Copyright (c) 2007, NLnet Labs. All rights reserved. 6.\" 7.\" See LICENSE for the license. 8.\" --- 944 unchanged lines hidden (view full) --- 953clause are the declarations for the remote control facility. If this is 954enabled, the \fIunbound\-control\fR(8) utility can be used to send 955commands to the running unbound server. The server uses these clauses 956to setup SSLv3 / TLSv1 security for the connection. The 957\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR 958section for options. To setup the correct self\-signed certificates use the 959\fIunbound\-control\-setup\fR(8) utility. 960.TP 5 | 1.TH "unbound.conf" "5" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1" 2.\" 3.\" unbound.conf.5 -- unbound.conf manual 4.\" 5.\" Copyright (c) 2007, NLnet Labs. All rights reserved. 6.\" 7.\" See LICENSE for the license. 8.\" --- 944 unchanged lines hidden (view full) --- 953clause are the declarations for the remote control facility. If this is 954enabled, the \fIunbound\-control\fR(8) utility can be used to send 955commands to the running unbound server. The server uses these clauses 956to setup SSLv3 / TLSv1 security for the connection. The 957\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR 958section for options. To setup the correct self\-signed certificates use the 959\fIunbound\-control\-setup\fR(8) utility. 960.TP 5 |
| 961.B control\-enable: \fI<yes or no> | 961.B control\-enable: \fI |
| 962The option is used to enable remote control, default is "no". 963If turned off, the server does not listen for control commands. 964.TP 5 | 962The option is used to enable remote control, default is "no". 963If turned off, the server does not listen for control commands. 964.TP 5 |
| 965.B control\-interface: <ip address> 966Give IPv4 or IPv6 addresses to listen on for control commands. | 965.B control\-interface: \fI<ip address or path> 966Give IPv4 or IPv6 addresses or local socket path to listen on for 967control commands. |
| 967By default localhost (127.0.0.1 and ::1) is listened to. 968Use 0.0.0.0 and ::0 to listen to all interfaces. | 968By default localhost (127.0.0.1 and ::1) is listened to. 969Use 0.0.0.0 and ::0 to listen to all interfaces. |
| 970If you change this and permissions have been dropped, you must restart 971the server for the change to take effect. |
|
| 969.TP 5 | 972.TP 5 |
| 970.B control\-port: 971The port number to listen on for control commands, default is 8953. 972If you change this port number, and permissions have been dropped, 973a reload is not sufficient to open the port again, you must then restart. | 973.B control\-port: \fI<port number> 974The port number to listen on for IPv4 or IPv6 control interfaces, 975default is 8953. 976If you change this and permissions have been dropped, you must restart 977the server for the change to take effect. |
| 974.TP 5 | 978.TP 5 |
| 975.B server\-key\-file: "<private key file>" | 979.B control-use-cert: \fI<yes or no> 980Whether to require certificate authentication of control connections. 981The default is "yes". 982This should not be changed unless there are other mechanisms in place 983to prevent untrusted users from accessing the remote control 984interface. 985.TP 5 986.B server\-key\-file: \fI<private key file> |
| 976Path to the server private key, by default unbound_server.key. 977This file is generated by the \fIunbound\-control\-setup\fR utility. 978This file is used by the unbound server, but not by \fIunbound\-control\fR. 979.TP 5 | 987Path to the server private key, by default unbound_server.key. 988This file is generated by the \fIunbound\-control\-setup\fR utility. 989This file is used by the unbound server, but not by \fIunbound\-control\fR. 990.TP 5 |
| 980.B server\-cert\-file: "<certificate file.pem>" | 991.B server\-cert\-file: \fI<certificate file.pem> |
| 981Path to the server self signed certificate, by default unbound_server.pem. 982This file is generated by the \fIunbound\-control\-setup\fR utility. 983This file is used by the unbound server, and also by \fIunbound\-control\fR. 984.TP 5 | 992Path to the server self signed certificate, by default unbound_server.pem. 993This file is generated by the \fIunbound\-control\-setup\fR utility. 994This file is used by the unbound server, and also by \fIunbound\-control\fR. 995.TP 5 |
| 985.B control\-key\-file: "<private key file>" | 996.B control\-key\-file: \fI<private key file> |
| 986Path to the control client private key, by default unbound_control.key. 987This file is generated by the \fIunbound\-control\-setup\fR utility. 988This file is used by \fIunbound\-control\fR. 989.TP 5 | 997Path to the control client private key, by default unbound_control.key. 998This file is generated by the \fIunbound\-control\-setup\fR utility. 999This file is used by \fIunbound\-control\fR. 1000.TP 5 |
| 990.B control\-cert\-file: "<certificate file.pem>" | 1001.B control\-cert\-file: \fI<certificate file.pem> |
| 991Path to the control client certificate, by default unbound_control.pem. 992This certificate has to be signed with the server certificate. 993This file is generated by the \fIunbound\-control\-setup\fR utility. 994This file is used by \fIunbound\-control\fR. 995.SS "Stub Zone Options" 996.LP 997There may be multiple 998.B stub\-zone: --- 156 unchanged lines hidden --- | 1002Path to the control client certificate, by default unbound_control.pem. 1003This certificate has to be signed with the server certificate. 1004This file is generated by the \fIunbound\-control\-setup\fR utility. 1005This file is used by \fIunbound\-control\fR. 1006.SS "Stub Zone Options" 1007.LP 1008There may be multiple 1009.B stub\-zone: --- 156 unchanged lines hidden --- |