diff --git a/etc/unbound/unbound.conf.d/dot-mullvad.conf b/etc/unbound/unbound.conf.d/dot-mullvad.conf
new file mode 100644
index 00000000..efc83989
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-mullvad.conf
@@ -0,0 +1,34 @@
+server:
+	# Debian ca-certificates location
+	#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	# ctrl.blog says this is the Fedora location
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	# Use system certificates no matter where they are
+	tls-system-cert: yes
+	# Quad9 says pointless performance impact on forwarders.
+	# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
+	qname-minimisation: no
+
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+	# Unfiltered
+	#forward-addr: 194.242.2.2@853#dns.mullvad.net
+	#forward-addr: 2a07:e340::2@853#dns.mullvad.net
+	# Adblock and tracking protection
+	#forward-addr: 194.242.2.3@853#adblock.dns.mullvad.net
+	#forward-addr: 2a07:e340::3@853#adblock.dns.mullvad.net
+	# Above + malware protection
+	forward-addr: 194.242.2.4@853#base.dns.mullvad.net
+	forward-addr: 2a07:e340::4@853#base.dns.mullvad.net
+	# Above + social media blocking
+	#forward-addr: 194.242.2.5@853#extended.dns.mullvad.net
+	#forward-addr: 2a07:e340::5@853#extended.dns.mullvad.net
+	# Blocking for ads, trackers, malware, adult, gambling
+	#forward-addr: 194.242.2.6@853#family.dns.mullvad.net
+	#forward-addr: 2a07:e340::6@853#family.dns.mullvad.net
+	# Blocking all of the above
+	#forward-addr: 194.242.2.9@853#all.dns.mullvad.net
+	#forward-addr: 2a07:e340::9@853#all.dns.mullvad.net
+
+# vim: filetype=unbound.conf