server: verbosity: 4 num-threads: 1 outgoing-range: 16 interface: 127.0.0.1 port: @PORT@ use-syslog: no directory: "" pidfile: "unbound.pid" chroot: "" username: "" do-not-query-localhost: no local-zone: "example.net." redirect local-data: "example.net. IN A 10.20.30.41" remote-control: control-enable: yes control-interface: 127.0.0.1 # control-interface: ::1 control-port: @CONTROL_PORT@ server-key-file: "unbound_server.key" server-cert-file: "unbound_server.pem" control-key-file: "unbound_control.key" control-cert-file: "unbound_control.pem" forward-zone: name: "." forward-addr: "127.0.0.1@@TOPORT@" dnstap: dnstap-enable: yes dnstap-socket-path: "dnstap.socket" dnstap-ip: "127.0.0.1@@TAPPORT@" dnstap-tls: yes dnstap-tls-server-name: "unbound" # the actual tls cert bundle that authenticates the server # is the unbound_server.pem bundle. # we pass the wrong bundle. (of another key we also use in the client # authentication test) dnstap-tls-cert-bundle: "unbound_control.pem" dnstap-send-identity: yes dnstap-send-version: yes #dnstap-identity #dnstap-version dnstap-log-resolver-query-messages: yes dnstap-log-resolver-response-messages: yes dnstap-log-client-query-messages: yes dnstap-log-client-response-messages: yes dnstap-log-forwarder-query-messages: yes dnstap-log-forwarder-response-messages: yes