unbound.sample.conf

# Author: Satish Gaikwad <satish@satishweb.com>
server:
      verbosity: 1
      username: unbound
      num-threads: 1
      interface: 0.0.0.0
      port: 53
      outgoing-range: 512
      num-queries-per-thread: 1024
      msg-cache-size: 16m
      rrset-cache-size: 32m
      msg-cache-slabs: 8
      rrset-cache-slabs: 8
      edns-buffer-size: 1280
      #so-rcvbuf: 1m
      val-clean-additional: yes
      hide-identity: yes
      hide-version: yes
      do-ip4: yes
      do-ip6: no
      do-udp: yes
      do-tcp: yes
      do-daemonize: no
      access-control: 0.0.0.0/0 refuse          # Block all IPs
      access-control: 192.168.0.0/16 allow      # Allow Private IPs
      access-control: 172.16.0.0/12 allow       # Allow Private IPs
      access-control: 10.0.0.0/8 allow          # Allow Private IPs
      access-control: fd00::/8 allow            # Allow Private IPs
      access-control: 127.0.0.0/8 allow         # Allow self
      access-control: ::1 allow                 # Allow self
      access-control: ::ffff:127.0.0.1 allow    # Allow self
      use-syslog: no
      log-queries: no
      log-time-ascii: yes
      #private-domain: "my.lan"
      #domain-insecure: "my.lan"
      qname-minimisation: yes
      auto-trust-anchor-file: /etc/unbound/keys/root.key
      root-hints: "/etc/unbound/root.hints"
      include: /etc/unbound/unbound.blocked.hosts
      include: /etc/unbound/custom/custom.hosts

remote-control:
      control-enable: yes
      control-interface: 127.0.0.1
      server-key-file: "/etc/unbound/unbound_server.key"
      server-cert-file: "/etc/unbound/unbound_server.pem"
      control-key-file: "/etc/unbound/unbound_control.key"
      control-cert-file: "/etc/unbound/unbound_control.pem"


forward-zone:
        name: "."
        forward-addr: 208.67.222.222 # OpenDNS
        forward-addr: 8.8.4.4        # Google
        forward-addr: 8.8.8.8        # Google
        forward-addr: 37.235.1.174   # FreeDNS
        forward-addr: 37.235.1.177   # FreeDNS
        forward-addr: 50.116.23.211  # OpenNIC
        forward-addr: 64.6.64.6      # Verisign
        forward-addr: 64.6.65.6      # Verisign
        forward-addr: 74.82.42.42    # Hurricane Electric
        forward-addr: 84.200.69.80   # DNS Watch
        forward-addr: 84.200.70.40   # DNS Watch
        forward-addr: 91.239.100.100 # censurfridns.dk
        forward-addr: 109.69.8.51    # puntCAT
        forward-addr: 216.146.35.35  # Dyn Public
        forward-addr: 216.146.36.36  # Dyn Public