notyal/unbound.conf

## unbound.conf
# https://calomel.org/unbound_dns.html
# https://nlnetlabs.nl/documentation/unbound/unbound.conf/
# https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/
server:
	#hide-identity: yes
	access-control: 0.0.0.0/0	deny
	access-control: 127.0.0.1	allow
	access-control: 172.17.17.0/24	allow
	auto-trust-anchor-file: "/var/lib/unbound/root.key"
	cache-max-ttl: 14400
	cache-min-ttl: 1200
	hide-version: yes
	interface: 127.0.0.1
	interface: 172.17.17.1
	max-udp-size: 3072
	prefetch-key: yes
	prefetch: yes
	private-address: 172.17.17.0/24
	qname-minimisation: yes
	root-hints: "/var/lib/unbound/root.hints"
	rrset-roundrobin: yes
	unwanted-reply-threshold: 10000
	use-caps-for-id: yes
	verbosity: 1

forward-zone:
	name: "."
	forward-ssl-upstream: yes
	forward-addr: 1.1.1.1@853
	forward-addr: 1.0.0.1@853
	forward-addr: 8.8.8.8@853
	forward-addr: 8.8.4.4@853
	# https://calomel.org/unbound_dns.html
	# https://nlnetlabs.nl/documentation/unbound/unbound.conf/
	# https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/
	server:
	#hide-identity: yes
	access-control: 0.0.0.0/0 deny
	access-control: 127.0.0.1 allow
	access-control: 172.17.17.0/24 allow
	auto-trust-anchor-file: "/var/lib/unbound/root.key"
	cache-max-ttl: 14400
	cache-min-ttl: 1200
	hide-version: yes
	interface: 127.0.0.1
	interface: 172.17.17.1
	max-udp-size: 3072
	prefetch-key: yes
	prefetch: yes
	private-address: 172.17.17.0/24
	qname-minimisation: yes
	root-hints: "/var/lib/unbound/root.hints"
	rrset-roundrobin: yes
	unwanted-reply-threshold: 10000
	use-caps-for-id: yes
	verbosity: 1

	forward-zone:
	name: "."
	forward-ssl-upstream: yes
	forward-addr: 1.1.1.1@853
	forward-addr: 1.0.0.1@853
	forward-addr: 8.8.8.8@853
	forward-addr: 8.8.4.4@853