# Unbound resolver configuration: listens on every interface, answers only
# the allow-listed client networks, validates against the root trust anchor,
# and forwards all queries to upstream servers.

server:
    # Run as an unprivileged account, confined to the configuration directory.
    username: unbound
    directory: /usr/local/etc/unbound
    chroot: /usr/local/etc/unbound
    pidfile: /usr/local/etc/unbound/unbound.pid

    # Root trust anchor used for DNSSEC validation.
    # NOTE(review): Unbound updates this file when the anchor changes, so it
    # must remain writable by the daemon user; confirm ownership on deploy.
    auto-trust-anchor-file: /usr/local/etc/unbound/root.key

    # IPv4: listen on all interfaces, answer only authorized clients.
    # Sources matching no access-control entry get Unbound's default policy
    # (non-localhost clients are refused), so keep this list limited to
    # networks you operate.
    do-ip4: yes
    interface: 0.0.0.0
    access-control: 127.0.0.1/32 allow
    # Documentation-range placeholder. Replace this with your own subnet(s)!
    access-control: 192.0.2.0/24 allow

    # IPv6: listen on all interfaces, answer only authorized clients
    # (loopback and link-local peers, plus the subnet below).
    do-ip6: yes
    interface: ::0
    access-control: ::1/128 allow
    access-control: fe80::/64 allow
    # Documentation-range placeholder. Replace this with your own subnet(s)!
    access-control: 2001:db8::/64 allow

    # Copy the server address from the query into the response. This may be
    # necessary if the server is multi-homed.
    interface-automatic: yes

    # Mitigate CVE-2015-7547 in clients by capping UDP responses.
    # NOTE(review): max-udp-size is not applied to TCP responses, so this is
    # a partial mitigation only; patching the clients' resolver library is
    # the actual fix.
    max-udp-size: 2048

# Allow remote control (unbound-control) over a local socket.
# NOTE(review): with control-use-cert disabled, access is presumably governed
# only by the filesystem permissions on the socket path; verify which users
# and groups can reach it.
remote-control:
    control-enable: yes
    control-interface: /usr/local/etc/unbound/unbound.ctl
    control-use-cert: no

# Forward all queries to Google's public DNS servers. You can either replace
# these with your ISP's servers (or other servers of your choice) or remove
# the entire section, in which case Unbound will recurse instead of
# forwarding.
# NOTE(review): no TLS option is set for this zone, so forwarded queries
# leave in cleartext and the upstream operator sees every name looked up by
# the clients of this resolver.
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    forward-addr: 2001:4860:4860::8888
    forward-addr: 2001:4860:4860::8844