server:
  verbosity: 1
  interface-automatic: yes
  ip-freebind: yes
  port: 53
  do-ip4: yes
  do-ip6: yes
  do-udp: yes
  do-tcp: no
    
  # access control
{% for network in unbound_allow_access %}
  ## {{ network.name }}
  access-control: {{ network.network }} allow

{% endfor %}
  
  # security and performance
  cache-max-ttl: 86400
  cache-min-ttl: 3600
  harden-dnssec-stripped: yes
  harden-glue: yes
  hide-identity: yes
  hide-version: yes
  infra-cache-slabs: 8
  key-cache-slabs: 8
  msg-cache-slabs: 8
  num-threads: 2
  prefetch: yes
  rrset-cache-slabs: 8
  use-caps-for-id: no
  
  # include zone configurations
  include: "/etc/unbound/zones.conf"

# forward zones configuration
forward-zone:
    name: "."
{% for dns_server in unbound_upstream_dns %}
    forward-addr: {{ dns_server }}
{% endfor %}