# Unbound configuration file for Debian. # # See the unbound.conf(5) man page. # # See /usr/share/doc/unbound/objectbrokerss/unbound.conf for a commented # reference config file. # # The following line includes additional configuration files from the # /etc/unbound/unbound.conf.d directory. server: # location of the trust anchor file that enables DNSSEC auto-trust-anchor-file: "/root.key" # send minimal amount of information to upstream servers to enhance privacy qname-minimisation: yes # the interface that is used to connect to the network (this will listen to all interfaces) interface: 0.0.0.0 # interface: ::0 private-address: 192.168.0.0/16 private-address: 100.64.0.0/10 # addresses from the IP range that are allowed to connect to the resolver access-control: 192.168.88.0/24 allow # explicitly allow localhost access access-control: 127.0.0.0/8 allow # allow Tailnet access-control: 100.64.0.0/10 allow # uncomment the following line to allow Tailnet IPv6 # access-control: fd7a:115c:a1e0::/48 allow access-control-view: 192.168.88.0/24 lan access-control-view: 100.64.0.0/10 tailnet do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes view: name: "lan" view-first: yes local-zone: "objectbrokers.com." transparent local-data: "nextcloud.objectbrokers.com. A 192.168.88.231" local-data: "photo.objectbrokers.com. A 192.168.88.231" local-data: "gitea.objectbrokers.com. A 192.168.88.231" local-data: "portainer.objectbrokers.com. A 192.168.88.231" local-data: "vaultwarden.objectbrokers.com. A 192.168.88.231" view: name: "tailnet" view-first: yes local-zone: "objectbrokers.com." transparent local-data: "nextcloud.objectbrokers.com. A 100.81.165.11" local-data: "photo.objectbrokers.com. A 100.81.165.11" local-data: "gitea.objectbrokers.com. A 100.81.165.11" local-data: "portainer.objectbrokers.com. A 100.81.165.11" local-data: "vaultwarden.objectbrokers.com. A 100.81.165.11" remote-control: control-enable: yes control-interface: /run/unbound.ctl