server: # allow only queries from local machine on port 5353 interface: 127.0.0.1 access-control: 127.0.0.0/8 allow port: 5353 # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" qname-minimisation: yes # Root trust anchor key file for DNSSEC validation. auto-trust-anchor-file: "/etc/unbound/root.key" chroot: ""