Unbound.conf
/usr/local/etc/unbound/unbound.conf
My Unbound configuration. It serves both IPv4 and IPv6, forwards upstream to Cloudflare using DNS over TLS, accepts DNS over HTTPS and plain DNS from clients, blocks a list of ad domains, and includes custom records for my local network.
# Unbound resolver configuration: listens for plain DNS (53) and DNS over HTTPS
# (443) on every address, answers a few local names itself and forwards
# everything else to Cloudflare over DNS over TLS.

# Loads the ad-domain blocklist as a separate top-level file.
# NOTE(review): this file is parsed with the same authority as the main
# config; keep it writable only by root and build it from a source you trust.
include-toplevel: "/usr/local/etc/unbound/blacklist.conf"
server:
# Account Unbound switches to after it has bound its listening ports.
username: unbound
# CA bundle used to verify the certificates of the upstream TLS servers in the
# forward-zone below.
tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
# Allows queries from every IPv4 and every IPv6 source address (the all-zero
# address with /0 is the same as ::/0).
# NOTE(review): together with the wildcard listeners below this is an open
# resolver if ports 53/443 are reachable from outside the LAN, and open
# resolvers get abused for reflection/amplification traffic. Consider allowing
# only the local prefixes (the local-data records below use 192.168.1.x;
# confirm the mask and the IPv6 prefix) or enforce the restriction at the
# firewall.
access-control: 0.0.0.0/0 allow
access-control: 0000:0000:0000:0000:0000:0000:0000:0000/0 allow
# Worker threads; presumably matched to the CPU core count of this host.
num-threads: 4
# Plain DNS listeners on all IPv4 and all IPv6 addresses, port 53.
interface: 0.0.0.0@53
interface: ::0@53
# DNS over HTTPS listeners on all addresses, port 443 (Unbound's default
# https-port), using the key and certificate configured below.
interface: 0.0.0.0@443
interface: ::0@443
# Private key and certificate presented to DoH clients.
# NOTE(review): the key must stay readable by Unbound only; confirm the file
# permissions and that certificate renewal reloads Unbound.
# NOTE(review): in a certbot "live" directory cert.pem normally holds only the
# leaf certificate; fullchain.pem also carries the intermediates, which
# clients may need to validate the chain. Confirm which one is intended.
tls-service-key: "/usr/local/etc/letsencrypt/live/myhouse.com/privkey.pem"
tls-service-pem: "/usr/local/etc/letsencrypt/live/myhouse.com/cert.pem"
# Local DNS records, answered by this server without forwarding.
# NOTE(review): ".home" is not a reserved suffix; home.arpa is the one set
# aside for home networks (RFC 8375). Names under .home that are not listed
# here presumably still go to the upstream resolver; verify if that matters.
local-data: "dns.myhouse.com A 192.168.1.210"
local-data: "remote.home A 192.168.1.211"
local-data: "lamp.home A 192.168.1.213"
local-data: "meter.home A 192.168.1.214"
local-data: "solar.home A 192.168.1.240"
# Forward every query (zone ".") to the Cloudflare addresses below over TLS on
# port 853. The name after '#' is the TLS authentication name checked against
# the upstream certificate with the tls-cert-bundle above; without it the
# upstream connection would be encrypted but not authenticated.
# NOTE(review): no trust anchor is set in the lines shown, so DNSSEC
# validation is presumably not active here; confirm against the full config.
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 1.0.0.1@853#one.one.one.one
forward-addr: 1.1.1.1@853#one.one.one.one
forward-addr: 2606:4700:4700::1111@853#one.one.one.one
forward-addr: 2606:4700:4700::1001@853#one.one.one.one