server: # the working directory. directory: "/etc/unbound" # run as the unbound user username: unbound verbosity: 0 # uncomment and increase to get more logging. # logfile: "/var/log/unbound.log" # won't work due to apparmor # use-syslog: no # By default listen only to localhost #interface: ::1 #interface: 127.0.0.1 port: 53 # Only allow localhost to use this Unbound instance. access-control: 127.0.0.1/8 allow access-control: ::1/128 allow # Private IP ranges, which shall never be returned or forwarded as public DNS response. private-address: 10.0.0.0/8 private-address: 172.16.0.0/12 private-address: 192.168.0.0/16 private-address: 169.254.0.0/16 private-address: fd00::/8 private-address: fe80::/10 # Functionality do-ip4: yes do-ip6: yes do-udp: yes do-tcp: yes # Performance num-threads: 2 cache-min-ttl: 300 cache-max-ttl: 86400 serve-expired: yes neg-cache-size: 4M msg-cache-size: 50m rrset-cache-size: 100m so-reuseport: yes so-rcvbuf: 4m so-sndbuf: 4m # Privacy / hardening # hide server info from clients hide-identity: yes hide-version: yes harden-glue: yes harden-dnssec-stripped: yes harden-algo-downgrade: yes harden-large-queries: yes harden-short-bufsize: yes rrset-roundrobin: yes minimal-responses: yes identity: "Server" # Include possible white/blacklists include: /etc/unbound/lists.d/*.conf remote-control: control-enable: yes control-port: 953