server: # provided by pkg_apt:unbound-anchor auto-trust-anchor-file: "/var/lib/unbound/root.key" verbosity: 0 statistics-interval: 60 extended-statistics: yes statistics-cumulative: no num-threads: ${threads} % if node.has_bundle('nftables') and not node.has_bundle('vmhost'): # Use nftables to manage access to this service interface: 0.0.0.0 interface: ::0 access-control: 0.0.0.0/0 allow access-control: ::/0 allow % else: interface: 127.0.0.1 interface: ::1 access-control: 127.0.0.1 allow access-control: ::1 allow % endif msg-cache-size: ${cache_size} msg-cache-slabs: ${cache_slabs} rrset-cache-size: ${cache_size} rrset-cache-slabs: ${cache_slabs} cache-max-ttl: ${max_ttl} cache-max-negative-ttl: 600 prefetch: yes prefetch-key: yes use-syslog: yes log-queries: no root-hints: "/etc/unbound/root-hints.txt" tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt" remote-control: % if node.has_bundle('telegraf'): control-enable: yes % else: control-enable: no % endif