server:
	# Debian ca-certificates location
	#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
	# Fedora
	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
	# Use system certificates no matter where they are
	tls-system-cert: yes
	# Quad9 says pointless performance impact on forwarders.
	# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
	qname-minimisation: no

forward-zone:
	name: "."
	forward-tls-upstream: yes

	# Default / unfiltered
	#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
	#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
	#forward-addr: 1.1.1.1@853#cloudflare-dns.com
	#forward-addr: 1.0.0.1@853#cloudflare-dns.com

	# Malware blocking
	forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com
	forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.com
	forward-addr: 1.1.1.2@853#security.cloudflare-dns.com
	forward-addr: 1.0.0.2@853#security.cloudflare-dns.com

	# Malware and adult content blocking
	#forward-addr: 2606:4700:4700::1113@853#family.cloudflare-dns.com
	#forward-addr: 2606:4700:4700::1003@853#family.cloudflare-dns.com
	#forward-addr: 1.1.1.3@853#family.cloudflare-dns.com
	#forward-addr: 1.0.0.3@853#family.cloudflare-dns.com

# vim: filetype=unbound.conf