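# Unbound configuration: caching, DNSSEC-validating forwarder that serves the
# local host and the 192.168.0.0/16 LAN.

remote-control:
    # Allows control using "unbound-control". Unbound's default is a
    # loopback-only control interface protected by TLS certificates (created
    # with unbound-control-setup). Keep those defaults: the control channel
    # can reconfigure the resolver and flush its cache.
    control-enable: yes

server:
    # The sockets are bound on every interface; who actually gets answers is
    # decided by the access-control rules below. Firewall port 53 so the
    # resolver is not reachable from untrusted networks.
    interface: 0.0.0.0 # listen on all IPv4 network interfaces
    interface: ::0 # listen on all IPv6 network interfaces
    port: 53 # listen on port 53

    # Clients that match no rule here fall through to Unbound's default,
    # which refuses everything except localhost.
    access-control: 127.0.0.0/8 allow # allow IPv4 queries from the local host
    # Was ::1/64, which covers the whole ::/64 block rather than only the
    # loopback address that the comment describes.
    access-control: ::1/128 allow # allow IPv6 queries from the local host
    access-control: 192.168.0.0/16 allow # allow IPv4 queries from the local network

    # QNAME minimisation applies when Unbound iterates from the root itself.
    # NOTE(review): with the catch-all forward-zone below, the forwarders
    # still appear to receive the full query name; confirm before relying on
    # this for privacy.
    qname-minimisation: yes

    # Location of the trust anchor file that enables DNSSEC validation. The
    # file must be writable by the unbound user so the anchor can be updated.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    num-threads: 1
    aggressive-nsec: yes # answer from cached, validated NSEC records where possible
    prefetch: yes # refresh expiring cache entries, if less than 10% of their TTL remains
    hide-identity: yes # do not answer id.server / hostname.bind queries
    hide-version: yes # do not answer version.server / version.bind queries

    rrset-cache-size: 100m
    msg-cache-size: 50m

    # A 1 hour minimum overrides shorter TTLs chosen by the zone owner, so
    # clients can keep receiving stale data for up to an hour after a record
    # changes (for example after a failover or a takedown). Lower this if
    # that matters more than the cache hit rate.
    cache-min-ttl: 3600 # 1 hour minimum caching time
    cache-max-ttl: 86400 # 1 day maximum caching time
    cache-max-negative-ttl: 3600 # 1 hour maximum caching time for negative responses

    # Faster UDP with multithreading (only on Linux); no gain with num-threads: 1.
    so-reuseport: yes
    verbosity: 0 # errors only; no operational or query logging

forward-zone:
    # All queries are forwarded in cleartext on port 53, so the path to these
    # resolvers can observe them. DNSSEC validation above protects answer
    # integrity, not confidentiality. To encrypt this leg, Unbound offers
    # forward-tls-upstream together with tls-cert-bundle (needs port 853 and
    # per-server authentication names).
    #
    # The upstreams apply different policies: Quad9 on 9.9.9.9 filters known
    # malicious domains, while the others listed here do not. Unbound picks
    # among them by response time, so that filtering is not applied
    # consistently.
    name: "."
    forward-addr: 1.1.1.1@53 # use Cloudflare (primary)
    forward-addr: 1.0.0.1@53 # use Cloudflare (secondary)
    forward-addr: 8.8.8.8@53 # use Google Public DNS (primary)
    forward-addr: 8.8.4.4@53 # use Google Public DNS (secondary)
    forward-addr: 9.9.9.9@53 # use Quad9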