diff --git a/etc/unbound/unbound.conf.d/remote-control.conf b/etc/unbound/unbound.conf.d/remote-control.conf
new file mode 100644
index 0000000..6c18bd7
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/remote-control.conf
@@ -0,0 +1,5 @@
+remote-control:
+  control-enable: yes
+  # by default the control interface is is 127.0.0.1 and ::1 and port 8953
+  # it is possible to use a unix socket too
+  control-interface: /run/unbound.ctl
diff --git a/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf b/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
new file mode 100644
index 0000000..433eff9
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
@@ -0,0 +1,4 @@
+server:
+    # The following line will configure unbound to perform cryptographic
+    # DNSSEC validation using the root trust anchor.
+    auto-trust-anchor-file: "/var/lib/unbound/root.key"
diff --git a/etc/unbound/unbound.conf.d/zones.conf b/etc/unbound/unbound.conf.d/zones.conf
new file mode 100644
index 0000000..b5f9a6c
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/zones.conf
@@ -0,0 +1,3 @@
+auth-zone:
+  name: objectbrokers.com
+  zonefile: /etc/unbound/zones/objectbrokers.zone