|
|
|
@ -1,37 +1,24 @@
|
|
|
|
|
#! /bin/sh
|
|
|
|
|
|
|
|
|
|
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
|
|
|
|
|
|
|
|
|
|
reserved=12582912
|
|
|
|
|
availableMemory=$((1024 * $(fgrep MemAvailable /proc/meminfo | sed 's/[^0-9]//g') - $reserved))
|
|
|
|
|
if [ $availableMemory -le 0 ]; then
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
msg_cache_size=$(($availableMemory / 3))
|
|
|
|
|
rr_cache_size=$(($availableMemory / 3))
|
|
|
|
|
nproc=$(nproc)
|
|
|
|
|
if [ $nproc -gt 1 ]; then
|
|
|
|
|
threads=$(($nproc - 1))
|
|
|
|
|
else
|
|
|
|
|
threads=1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
provider_name=$(cat "$KEYS_DIR/provider_name")
|
|
|
|
|
|
|
|
|
|
sed \
|
|
|
|
|
-e "s/@MSG_CACHE_SIZE@/${msg_cache_size}/" \
|
|
|
|
|
-e "s/@PROVIDER_NAME@/${provider_name}/" \
|
|
|
|
|
-e "s/@RR_CACHE_SIZE@/${rr_cache_size}/" \
|
|
|
|
|
-e "s/@THREADS@/${threads}/" \
|
|
|
|
|
> /opt/unbound/etc/unbound/unbound.conf << EOT
|
|
|
|
|
cat > /opt/unbound/etc/unbound/unbound.conf << EOT
|
|
|
|
|
server:
|
|
|
|
|
num-threads: 2
|
|
|
|
|
msg-cache-slabs: 2
|
|
|
|
|
rrset-cache-slabs: 2
|
|
|
|
|
infra-cache-slabs: 2
|
|
|
|
|
key-cache-slabs: 2
|
|
|
|
|
ratelimit-slabs: 2
|
|
|
|
|
so-rcvbuf: 4m
|
|
|
|
|
so-sndbuf: 4m
|
|
|
|
|
key-cache-size: 16m
|
|
|
|
|
infra-cache-numhosts: 50000
|
|
|
|
|
extended-statistics: yes
|
|
|
|
|
verbosity: 1
|
|
|
|
|
num-threads: @THREADS@
|
|
|
|
|
interface: 127.0.0.1@553
|
|
|
|
|
so-reuseport: yes
|
|
|
|
|
edns-buffer-size: 1252
|
|
|
|
|
delay-close: 10000
|
|
|
|
|
cache-min-ttl: 60
|
|
|
|
|
cache-min-ttl: 600
|
|
|
|
|
cache-max-ttl: 86400
|
|
|
|
|
do-daemonize: no
|
|
|
|
|
username: "_unbound"
|
|
|
|
@ -56,11 +43,11 @@ server:
|
|
|
|
|
auto-trust-anchor-file: "var/root.key"
|
|
|
|
|
num-queries-per-thread: 4096
|
|
|
|
|
outgoing-range: 8192
|
|
|
|
|
msg-cache-size: @MSG_CACHE_SIZE@
|
|
|
|
|
rrset-cache-size: @RR_CACHE_SIZE@
|
|
|
|
|
neg-cache-size: 4M
|
|
|
|
|
access-control: 0.0.0.0/0 allow
|
|
|
|
|
access-control: ::0/0 allow
|
|
|
|
|
msg-cache-size: 512m
|
|
|
|
|
rrset-cache-size: 1024m
|
|
|
|
|
neg-cache-size: 4m
|
|
|
|
|
access-control: 127.0.0.1 allow
|
|
|
|
|
access-control: ::1 allow
|
|
|
|
|
|
|
|
|
|
local-zone: "belkin." static
|
|
|
|
|
local-zone: "corp." static
|
|
|
|
@ -73,7 +60,7 @@ server:
|
|
|
|
|
local-zone: "local." static
|
|
|
|
|
local-zone: "localdomain." static
|
|
|
|
|
local-zone: "test." static
|
|
|
|
|
local-zone: "@PROVIDER_NAME@." refuse
|
|
|
|
|
local-zone: "2.dnscrypt-cert.dnscrypt.me." refuse
|
|
|
|
|
|
|
|
|
|
remote-control:
|
|
|
|
|
control-enable: yes
|
|
|
|
|