server:

	interface: 10.8.0.2
	interface: fd80::2
	port: 54
	interface-automatic: yes

	username: unbound
	chroot: ''
	use-systemd: yes
	do-daemonize: no

	logfile: /var/log/unbound/debug.log
	verbosity: 2
	use-syslog: no

	num-threads: 1
	num-queries-per-thread: 1024
	jostle-timeout: 200

	prefetch: yes
	edns-buffer-size: 1472
	rrset-roundrobin: no
	minimal-responses: yes

	access-control: '::/0' allow
	access-control: 0.0.0.0/0 allow

	hide-version: yes
	harden-glue: yes
	harden-algo-downgrade: yes

	harden-dnssec-stripped: no
	val-permissive-mode: yes
	val-log-level: 0

	prefer-ip6: no
	tcp-idle-timeout: 9000
	edns-tcp-keepalive: no

	fast-server-permil: 0

	tls-ciphersuites: TLS_CHACHA20_POLY1305_SHA256
	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt


	insecure-lan-zones: yes

	# local-* lines in real setup only have different values
	local-zone: zzz. static
	local-data: 'gw.zzz A 10.8.0.1'
	local-data: 'gw.zzz AAAA fd80::1'
	local-data: 'ns.zzz A 10.8.0.1'
	local-data: 'ns.zzz AAAA fd80::1'

	local-zone: 8.10.in-addr.arpa. static
	local-data-ptr: '10.8.0.1 gw.zzz'
	local-zone: 0.8.d.f.ip6.arpa. static
	local-data-ptr: 'fd80::1 gw.zzz'


forward-zone: # CloudFlare
	name: .
	forward-tls-upstream: yes
	forward-addr: '1.1.1.1@853#cloudflare-dns.com'
	forward-addr: '1.0.0.1@853#cloudflare-dns.com'
	forward-addr: '2606:4700:4700::1111@853#cloudflare-dns.com'
	forward-addr: '2606:4700:4700::1001@853#cloudflare-dns.com'


# There are 6 stub zones defined in the real setup,
#  exactly like one below, all forwarded to "127.0.0.1" where tinydns listens
stub-zone:
	name: 10.in-addr.arpa.
	stub-addr: 127.0.0.1


remote-control:
	control-enable: yes
	control-interface: 127.0.0.1
	control-use-cert: no