# $NetBSD: unbound.conf,v 1.1 2026/07/01 03:56:27 riastradh Exp $ # # This is a minimal unbound(8) configuration for `unbound=YES' in # /etc/rc.conf to enable a local recursive resolver on NetBSD, # listening on 127.0.0.1:53 and [::1]:53, controllable locally via # unbound-control(8). # # For other example configuration for other use cases, see # /usr/share/examples/unbound. # server: # Maintain root DNSSEC anchors here, relative to the Unbound # working directory (default /etc/unbound). auto-trust-anchor-file: "root.key" # Unbound daemon runs chrooted in this directory. /etc/unbound # will be set up as a symlink to # /var/chroot/unbound/etc/unbound so editing # /etc/unbound/unbound.conf still works. chroot: "/var/chroot/unbound" # Daemonize for running under rc(8). do-daemonize: yes # Write a pidfile to the canonical location for rc(8). pidfile: "/var/run/unbound.pid" # Use the system default UDP send buffer size. We explicitly # set this in order to suppress a confusing warning message at # startup. # # PR bin/60325: unbound emits warning: so-sndbuf 4194304 was # not granted so-sndbuf: 0 # Once chrooted, run the Unbound daemon unprivileged as this # user. username: _unbound # Send log messages to syslog. use-syslog: yes remote-control: # Enable local control with the unbound-control(8) command. # Only root and users in the _unbound user's group will have # access. control-enable: yes control-interface: /var/run/unbound.control