# Unbound is used primarily for RBL queries (host 2.0.0.127.zen.spamhaus.org)
# We cannot use dnsmasq because it is not a recursive resolver and defaults to the value in the interfaces file (which is Google DNS!)

server:
        port: 53
        interface: 127.0.0.150
        interface: 172.18.0.1
        ip-freebind: yes
        access-control: 127.0.0.1 allow
        access-control: 172.18.0.1/16 allow
        cache-max-negative-ttl: 30
        cache-max-ttl: 300

        # Prefer IPv4 outbound queries. Spamhaus often rejects queries from IPv6 addresses
        # without this, unbound does not start on IPv6 only servers
        do-ip6: yes
        # this setting only works with ubuntu 24 and unbound >= 1.19.2
        prefer-ip4: yes

        # enable below for logging to journalctl -u unbound
        # verbosity: 5
        # log-queries: yes

# https://github.com/NLnetLabs/unbound/issues/806
remote-control:
    control-enable: no