server:
    # provided by pkg_apt:unbound-anchor
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    verbosity: 0

% if node.has_bundle('netdata'):
    statistics-interval: 1
    extended-statistics: yes
% else:
    statistics-interval: 300
% endif
    statistics-cumulative: no

    num-threads: ${threads}

% if node.has_bundle('iptables'):
    # Use iptables to manage access to this service
    interface: 0.0.0.0
    interface: ::0
    access-control: 0.0.0.0/0 allow
    access-control: ::/0 allow
% else:
    interface: 127.0.0.1
    interface: ::1
    access-control: 127.0.0.1 allow
    access-control: ::1 allow
% endif

    msg-cache-size: ${cache_size}
    msg-cache-slabs: ${cache_slabs}
    rrset-cache-size: ${cache_size}
    rrset-cache-slabs: ${cache_slabs}
    cache-max-ttl: ${max_ttl}
    cache-max-negative-ttl: 600

    prefetch: yes
    prefetch-key: yes

    use-syslog: yes
    log-queries: no

    root-hints: "/etc/unbound/root-hints.txt"

    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

remote-control:
% if node.has_bundle('netdata'):
    control-enable: yes
% else:
    control-enable: no
% endif