From Kromonos, 2 Months ago, written in YAML.
Embed
  1. server:
  2.   use-syslog: yes
  3.   do-daemonize: no
  4.   directory: /etc/unbound
  5.   logfile: "/var/log/unbound/unbound.log"
  6.   log-time-ascii: yes
  7.   # print one line with time, IP, name, type, class for every query.
  8.   log-queries: yes
  9.   log-replies: yes
  10.   verbosity: 1
  11.  
  12.   interface: 192.168.8.11
  13.   interface: 127.0.0.1
  14.   port:  53
  15.  
  16.   # Access control. Add your network here
  17.   access-control: 127.0.0.1/8 allow
  18.   access-control: 192.168.8.0/24 allow
  19.  
  20.   do-ip4: yes
  21.   do-ip6: no
  22.   do-udp: yes
  23.   do-tcp: yes
  24.  
  25.   chroot: ""
  26.   root-hints: "/var/lib/unbound/root.hints"
  27.   auto-trust-anchor-file: "/var/lib/unbound/root.key"
  28.  
  29.   harden-glue: yes
  30.   use-caps-for-id: no
  31.   edns-buffer-size: 1472
  32.   edns-buffer-size: 1472
  33.  
  34.   cache-min-ttl: 300     # Min ttl to cache (5 minutes)
  35.   cache-max-ttl: 43200   # Max ttl to cache (12 hours)
  36.  
  37.   prefetch: yes
  38.   minimal-responses: yes
  39.   qname-minimisation: yes
  40.  
  41.   num-threads: 4   # Set this to numbers of available CPU incl. cores
  42.   so-rcvbuf: 1m
  43.  
  44.   hide-identity: yes
  45.   hide-version: yes
  46.   do-not-query-localhost: no
  47.  
  48.   private-address: 192.168.0.0/16
  49.   private-address: 169.254.0.0/16
  50.   private-address: 172.16.0.0/12
  51.   private-address: 10.0.0.0/8
  52.   private-address: fd00::/8
  53.   private-address: fe80::/10
  54.  
  55.   # DoT Part
  56.  
  57.   tcp-upstream: yes
  58.   ssl-upstream: yes
  59.  
  60. forward-zone:
  61.   name: "."
  62.   forward-addr: 46.182.19.48@853     # Digitalcourage
  63.   #forward-addr: 185.222.222.222@853  # https://dns.sb/dot/
  64.   #forward-addr: 185.184.222.222@853  # https://dns.sb/dot/
  65.   #forward-addr: 116.203.70.156@853   # dot1.dnswarden.com
  66.   #forward-addr: 116.203.35.255@853   # dot2.dnswarden.com
  67.  
  68.   # /DoT Part
  69.  
  70. remote-control:
  71.   control-enable: yes
  72.  
  73. include: "/etc/unbound/conf.d/*.conf"
  74.