## This file is for my own configuration that I wish to not get
## accidentally overwritten by package upgrades. This is based on Debian
## Testing (Jessie) dnsmasq.conf on 2014-12-23 08:50+0200

# Send everything to unbound listening on port 5353
no-resolv
server=127.0.0.1#2000 # unbound

# Be better netizen
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# DNSSEC validation and caching:
conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
dnssec
# Check that unsigned reply is OK (takes extra queries)
dnssec-check-unsigned

# Larger cache (default is 150)
cache-size=99999

# Debugging, log all DNS queries
#log-queries

# Filter useless Windows-originated requests
# don't use with Kerberos, SIP, XMPP or Google Talk
#filterwin2k

# Enable dnsmasq's built-in TFTP server
#enable-tftp

# Set the root directory for files available via FTP.
#tftp-root=/var/ftpd

# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure

# This option stops dnsmasq from negotiating a larger blocksize for TFTP
# transfers. It will slow things down, but may rescue some broken TFTP
# clients.
#tftp-no-blocksize