server:
    interface: 0.0.0.0
    interface: ::0
    interface-automatic: yes
    
    # Also listen on docker to allow docker container to reach unbound
    #interface: 172.17.0.1
    access-control: 172.0.0.0/8 allow
    access-control: 172.31.0.0/16 allow
    
    trust-anchor-file: "/etc/unbound/trusted-key.key"
    
    cache-max-ttl: 86400
    cache-min-ttl: 7200
    
    hide-identity: yes
    hide-version: yes
    
    qname-minimisation: yes
    
    aggressive-nsec: yes
    prefetch: yes
    serve-expired: yes
    serve-expired-ttl: 86400
    
    #tls-upstream: yes
    #tls-cert-bundle: /etc/ca-certificates/extracted/tls-ca-bundle.pem

    #verbosity: 1
    #log-queries: yes
    # use journalctl to see the logs
    # e.g : journalctl --since 2023-01-01 -f -u unbound

    local-data: "my-resolver.internal TXT local unbound"
    local-zone: "custom.verify" redirect
    local-data: "custom.verify A 42.42.42.42"
    local-zone: "jpp.jpp" redirect
    local-data: "jpp.jpp A 1.1.1.1"
    local-zone: "e.e" redirect
    local-data: "e.e A 42.42.42.42"

remote-control:
	control-enable: yes
	control-interface: 127.0.0.1

# Include others namespace/domains configs
include: /etc/unbound/config.d/*