# When there is no dnsmasq

server:
    # perform cryptographic DNSSEC validation using the root trust anchor.
    # this should be in /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
    # auto-trust-anchor-file: "/var/lib/unbound/root.key"
    #interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    #interface: ::1
    access-control: ::1 allow
    port: 53
    # logging
    chroot: ""
    use-syslog: yes
    log-time-ascii: yes
    log-queries: yes
    # 0 - 5, default 1, query information 3
    verbosity: 1
    # more cache memory, rrset=msg*2
    rrset-cache-size: 500m
    msg-cache-size: 250m