server:
    chroot: /etc/unbound

    do-ip4: yes
    do-ip6: no

    interface: 0.0.0.0@53
    port: 53

    # tls-upstream: yes
    # tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

    # initially create using unbound-anchor -a /etc/unbound/root.key
    auto-trust-anchor-file: /etc/unbound/root.key

    # can be created using letsencrypt means, e.g. by a companion Apache httpd with mod_md or using certbot
    tls-service-key: /etc/unbound/privkey.pem
    tls-service-pem: /etc/unbound/pubcert.pem
    interface: 0.0.0.0@853
    tls-port: 853
    interface: 0.0.0.0@443
    https-port: 443

    num-threads: 2

    # curl https://www.internic.net/domain/named.root > /etc/unbound/root.hints
    root-hints: /etc/unbound/root.hints

    do-daemonize: no

    verbosity: 1
    logfile: "/etc/unbound/unbound.log"
    log-time-ascii: yes
    log-queries: yes
    log-replies: yes

    access-control: 0.0.0.0/0 allow