server:
	verbosity: 1

	interface: ::0
	interface: 0.0.0.0

	# the amount of memory to use for the RRset cache.
	# plain value in bytes or you can append k, m or G. default is "4Mb". 
	rrset-cache-size: 1m

	# the number of slabs to use for the RRset cache.
	# the number of slabs must be a power of 2.
	# more slabs reduce lock contention, but fragment memory usage.
	rrset-cache-slabs: 2

	# control which clients are allowed to make (recursive) queries
	# to this server. Specify classless netblocks with /size and action.
	# By default everything is refused, except for localhost.
	# Choose deny (drop message), refuse (polite error reply),
	# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
	# access-control: 0.0.0.0/0 refuse
	# access-control: 127.0.0.0/8 allow
	# access-control: ::0/0 refuse
	# access-control: ::1 allow
	# access-control: ::ffff:127.0.0.1 allow
	access-control: 0.0.0.0/0 allow
	access-control: ::0/0 allow


	# if given, user privileges are dropped (after binding port),
	# and the given username is assumed. Default is user "unbound".
	# If you give "" no privileges are dropped.
	# username: "unbound"
	username: ""

	# the working directory. The relative files in this config are 
	# relative to this directory. If you give "" the working directory
	# is not changed.
	directory: "/etc/unbound"

	# the log file, "" means log to stderr. 
	# Use of this option sets use-syslog to "no".
	# logfile: ""

	# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to 
	# log to, with identity "unbound". If yes, it overrides the logfile.
	use-syslog: yes 

	# print UTC timestamp in ascii to logfile, default is epoch in seconds.
	# log-time-ascii: no

	# the pid file. Can be an absolute path outside of chroot/work dir.
	pidfile: "/var/run/unbound.pid"

	# file to read root hints from.
	# get one from ftp://FTP.INTERNIC.NET/domain/named.cache
	root-hints: "named.cache"
	
	
	# Root zone trust anchor key
	# Will be autoupdated by unbound in case of key change
	auto-trust-anchor-file: "root.autokey"

	# If you want to also do DLV validation (RFC5074),
	# download http://ftp.isc.org/www/dlv/dlv.isc.org.key
	# and uncomment following line:
	#dlv-anchor-file: "dlv.isc.org.key"

	# You can also do ITAR validation (https://itar.iana.org)
	# To download and update anchors.mf file, use update-itar.sh
	# from page http://www.unbound.net/documentation/howto_itar.html
	#trust-anchor-file: "anchors.mf"


    # If you want to forward requests to another recursive DNS server
    # uncomment this. Please note that many DNS recursors do strip 
    # DNSSEC data, rendering unbound server unusable.
    # forward-zone:
    #   name: "."
    #	forward-addr: 8.8.8.8
    #	forward-addr: 8.8.4.4