commit c3ee46cf3703b236c6999e901461f4e455477929
Author: Christopher Jones <jones.chrisk@gmail.com>
Date:   Wed Feb 11 12:11:16 2026 -0500

    adding main unbound configuration file and top-level readme

diff --git a/etc/unbound/unbound.conf b/etc/unbound/unbound.conf
new file mode 100644
index 0000000..997a91e
--- /dev/null
+++ b/etc/unbound/unbound.conf
@@ -0,0 +1,36 @@
+# Unbound configuration file for Debian.
+#
+# See the unbound.conf(5) man page.
+#
+# See /usr/share/doc/unbound/examples/unbound.conf for a commented
+# reference config file.
+#
+# The following line includes additional configuration files from the
+# /etc/unbound/unbound.conf.d directory.
+include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
+
+    server:
+    # location of the trust anchor file that enables DNSSEC
+    # auto-trust-anchor-file: "/var/lib/unbound/root.key"
+    # send minimal amount of information to upstream servers to enhance privacy
+    qname-minimisation: yes
+    # the interface that is used to connect to the network (this will listen to all interfaces)
+    interface: 0.0.0.0
+    # interface: ::0
+    # addresses from the IP range that are allowed to connect to the resolver
+    access-control: 192.168.88.0/24 allow
+    # allow Tailnet
+    access-control: 100.64.0.0/10 allow
+    # allow Tailnet IPv6
+    access-control: fd7a:115c:a1e0::/48 allow
+    
+    do-ip4: yes
+    do-ip6: yes
+    do-udp: yes
+    do-tcp: yes
+
+
+remote-control:
+    # allows controlling unbound using "unbound-control"
+    control-enable: yes
+
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..f53cc71
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,2 @@
+System configuration files for host teal.  The directory hierarchy under this repo corresponds to the directory hierarchy under / (root) on the host teal.
+