server:
verbosity: 1
statistics-interval: 0
shm-enable: no
shm-key: 11777
statistics-cumulative: no
extended-statistics: no
num-threads: 1
interface: 0.0.0.0
interface-automatic:no
port: 53
outgoing-range:4096
outgoing-port-permit:32768
outgoing-port-avoid: "3200-3208"
outgoing-num-tcp:10
incoming-num-tcp:10
so-rcvbuf:0
so-sndbuf: 0
so-reuseport: no
ip-transparent: no
ip-freebind: no
edns-buffer-size: 4096
max-udp-size: 4096
msg-buffer-size: 65552
msg-cache-size: 4m
msg-cache-slabs: 4
num-queries-per-thread: 1024
jostle-timeout: 200
delay-close: 0
rrset-cache-size: 4m
rrset-cache-slabs: 4
cache-min-ttl: 0
cache-max-ttl: 86400
cache-max-negative-ttl: 3600
infra-host-ttl: 900
infra-cache-min-rtt: 50
infra-cache-slabs: 4
infra-cache-numhosts: 10000
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
tcp-upstream: no
udp-upstream-without-downstream: no
tcp-mss: 0
outgoing-tcp-mss: 0
use-systemd: no
do-daemonize: yes
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: ::0/0 refuse
access-control: ::1 allow
access-control: ::ffff:127.0.0.1 allow
access-control: 192.168.18.0/24 allow
chroot: ""
username: "unbound"
directory: ""
logfile: ""
use-syslog: yes
log-identity: ""
log-time-ascii: no
log-queries: no
log-replies: no
pidfile: "/usr/local/etc/unbound/unbound.pid"
root-hints: "/var/unbound/named.root"
hide-identity: no
hide-version: no
hide-trustanchor: no
identity: ""
version: ""
target-fetch-policy: "3 2 1 0 0"
harden-short-bufsize: no
harden-large-queries: no
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: no
harden-referral-path: no
harden-algo-downgrade: no
qname-minimisation: yes
qname-minimisation-strict: no
aggressive-nsec: no
use-caps-for-id: no
private-address:10.0.0.0/8
private-address:172.16.0.0/12
private-address:192.168.0.0/16
private-address:169.254.0.0/16
private-address:fd00 :: / 8
private-address:fe80 :: / 10
private-address :: :: ffff:0:0/96
private-domain: "example.com"
unwanted-reply-threshold: 0
do-not-query-address: 127.0.0.1/8
do-not-query-address: ::1
do-not-query-localhost: yes
prefetch: no
prefetch-key: no
rrset-roundrobin: no
minimal-responses: no
disable-dnssec-lame-check: no
module-config: "validator iterator"
auto-trust-anchor-file: "/var/local/etc/unbound/root.key"
trust-anchor-signaling: yes
root-key-sentinel: yes
val-override-date: ""
val-bogus-ttl: 60
val-sig-skew-min: 3600
val-sig-skew-max: 86400
val-clean-additional: yes
val-permissive-mode: no
ignore-cd-flag: no
serve-expired: no
val-log-level: 0
val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500"
add-holddown: 2592000
del-holddown: 2592000
keep-missing: 31622400
permit-small-holddown: no
key-cache-size: 4m
key-cache-slabs: 4
neg-cache-size: 1m
unblock-lan-zones: no
insecure-lan-zones: no
local-zone: "example.com." static
local-data: "example.com. IN SOA a.example.com. nobody.invalid. 2018010101 3600 1200 604800 10800"
local-data: "example.com. IN NS a.example.com."
local-data: "a.example.com. IN A 192.168.18.10"
local-data: "b.example.com. IN A 192.168.18.11"
local-data-ptr: "192.168.18.10 a.example.com"
tls-service-key: ""
tls-service-pem: ""
tls-port: 853
tls-upstream: no
tls-cert-bundle: ""
tls-win-cert: no
ratelimit: 0
ratelimit-size: 4m
ratelimit-slabs: 4
ratelimit-factor: 10
ratelimit-for-domain: example.com 1000
ratelimit-below-domain: com 1000
ip-ratelimit: 0
ip-ratelimit-size: 4m
ip-ratelimit-slabs: 4
ip-ratelimit-factor: 10
low-rtt:45
low-rtt-permil: 0
auth-zone:
name: "."
url: "
http://www.internic.net/domain/root.zone"
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: "root.zone"