server:
    chroot: /etc/unbound

    do-ip4: yes
    do-ip6: no

    interface: 0.0.0.0@53
    port: 53

    # tls-upstream: yes
    # tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

    # initially create using unbound-anchor -a /etc/unbound/root.key
    auto-trust-anchor-file: /etc/unbound/root.key

    tls-service-key: /etc/unbound/privkey.pem
    tls-service-pem: /etc/unbound/pubcert.pem
    interface: 0.0.0.0@853
    tls-port: 853

    num-threads: 2

    # curl https://www.internic.net/domain/named.root > /etc/unbound/root.hints
    root-hints: /etc/unbound/root.hints

    do-daemonize: no

    verbosity: 1
    logfile: ""
    log-time-ascii: yes
    log-queries: no
    log-replies: no

    access-control: 172.16.0.0/16 allow
    access-control: 10.200.200.0/24 allow
    access-control: 172.17.0.0/16 allow

    local-zone: "nober.de." transparent
        local-data: "base.hv.nober.de. IN A 172.16.10.41"
        local-data: "api.hv.nober.de. IN A 172.16.10.41"

    local-zone: "hottis.de." transparent
        local-data: "authservice.hottis.de. IN A 172.16.10.41"
        local-data: "bitwarden.hottis.de. IN A 172.16.10.41"
        local-data: "smarthome.hottis.de. IN A 172.16.10.41"
        local-data: "registry.hottis.de. IN A 172.16.10.41"
        local-data: "home.hottis.de. IN A 172.16.10.41"
        local-data: "sink.hottis.de. IN A 172.16.10.42"
        local-data: "brkrint.hottis.de. IN A 172.16.2.16"
        local-data: "vpnhead.hottis.de. IN A 172.16.12.10"
        local-data: "syslog.hottis.de. IN A 172.16.11.15"

    local-zone: "mainscnt.eu." transparent
        local-data: "grafana.mainscnt.eu. IN A 172.16.10.41"
        local-data: "wiki.mainscnt.eu. IN A 172.16.10.41"
        local-data: "broker.mainscnt.eu. IN A 172.16.10.40"
        local-data: "db.mainscnt.eu. IN A 172.16.10.27"