doh-hottis-de/unbound.conf

server:
    chroot: /etc/unbound

    do-ip4: yes
    do-ip6: no

    interface: 0.0.0.0@53
    port: 53

    # tls-upstream: yes
    # tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

    # initially create using unbound-anchor -a /etc/unbound/root.key
    auto-trust-anchor-file: /etc/unbound/root.key

    # can be created using letsencrypt means, e.g. by a companion Apache httpd with mod_md or using certbot
    tls-service-key: /etc/unbound/privkey.pem
    tls-service-pem: /etc/unbound/pubcert.pem
    interface: 0.0.0.0@853
    tls-port: 853
    interface: 0.0.0.0@443
    https-port: 443

    num-threads: 2

    # curl https://www.internic.net/domain/named.root > /etc/unbound/root.hints
    root-hints: /etc/unbound/root.hints

    do-daemonize: no

    verbosity: 1
    logfile: "/etc/unbound/unbound.log"
    log-time-ascii: yes
    log-queries: yes
    log-replies: yes

    access-control: 0.0.0.0/0 allow
initial 2021-10-29 15:00:37 +02:00			`server:`
			`chroot: /etc/unbound`

			`do-ip4: yes`
			`do-ip6: no`

			`interface: 0.0.0.0@53`
			`port: 53`

			`# tls-upstream: yes`
			`# tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt`

			`# initially create using unbound-anchor -a /etc/unbound/root.key`
			`auto-trust-anchor-file: /etc/unbound/root.key`

			`# can be created using letsencrypt means, e.g. by a companion Apache httpd with mod_md or using certbot`
			`tls-service-key: /etc/unbound/privkey.pem`
			`tls-service-pem: /etc/unbound/pubcert.pem`
			`interface: 0.0.0.0@853`
			`tls-port: 853`
			`interface: 0.0.0.0@443`
			`https-port: 443`

			`num-threads: 2`

			`# curl https://www.internic.net/domain/named.root > /etc/unbound/root.hints`
			`root-hints: /etc/unbound/root.hints`

			`do-daemonize: no`

			`verbosity: 1`
			`logfile: "/etc/unbound/unbound.log"`
			`log-time-ascii: yes`
			`log-queries: yes`
			`log-replies: yes`

			`access-control: 0.0.0.0/0 allow`