# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"
server:
    # Send minimum amount of information to upstream servers to enhance
    # privacy. Only sends minimum required labels of the QNAME and sets
    # QTYPE to NS when possible.

    # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
    # details.

    qname-minimisation: yes
server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
server:
    verbosity: 4

    # disable the subnet module
    module-config: "validator iterator"

    private-address: 172.24.0.0/16

    # Allow to resolve AS112 zones
    local-zone: "24.172.in-addr.arpa" nodefault

    trust-anchor: "24.172.in-addr.arpa. IN DS 52954 8 2 4250E2716D37A6674E4793AD3FDEA1440936728B2A1D09B126C692D59F51254B"

auth-zone:
    name: "24.172.in-addr.arpa"
    zonefile: /var/lib/unbound/24.172.in-addr.arpa
    for-downstream: no
    master: 2001:470:b1c3:7941::53
    master: 172.24.21.53