## Simple recursive caching DNS, UDP port 53
## unbound.conf -- https://calomel.org
#
server:
  access-control: 10.0.0.0/8 allow
  access-control: 127.0.0.0/8 allow
  access-control: 192.168.0.0/16 allow
  access-control: 0.0.0.0/0 allow
  #aggressive-nsec: yes
  cache-max-ttl: 14400
  cache-min-ttl: 1200
  do-ip4: yes
  do-ip6: yes
  do-udp: yes
  do-tcp: yes
  hide-identity: yes
  hide-version: yes
  interface-automatic: yes
  prefetch: yes
  root-hints: "etc/root.hints"
  rrset-roundrobin: yes
  so-reuseport: yes
  tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
  use-caps-for-id: yes
  verbosity: 0
  include: "/etc/unbound/conf.d/ads.conf"

  # Unbound from pkg built with libevent; increase threads and slabs to the
  # number of real cpu cores to reduce lock contention. Increase cache size to
  # store more records and allow each thread to serve an increased number of
  # concurrent client requests.
# num-threads: 4
# msg-cache-slabs: 4
# rrset-cache-slabs: 4
# infra-cache-slabs: 4
# key-cache-slabs: 4
# msg-cache-size: 256M
# rrset-cache-size: 512M
# outgoing-range: 8192
# num-queries-per-thread: 4096

forward-zone:
   name: "."
   forward-tls-upstream: yes
   forward-addr: 1.0.0.1@853#one.one.one.one
   forward-addr: 1.1.1.1@853#one.one.one.one
   forward-addr: 8.8.4.4@853#dns.google
   forward-addr: 8.8.8.8@853#dns.google
   forward-addr: 9.9.9.9@853#dns.quad9.net
   forward-addr: 149.112.112.112@853#dns.quad9.net