server:
        verbosity: 2
        num-threads: {{cores}}
{% if topology == 'local' %}
        interface: 127.0.0.1
        access-control: 127.0.0.1/32 allow
{% elif topology == 'subnet' %}
        interface: 10.1.1.254
        access-control: 10.1.1.0/254 allow
{% else %}
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 allow
        #interface: ::0
        #access-control: ::/0 allow
{% endif %}
        pidfile: "/var/run/unbound.pid" # not within chroot
        hide-identity: yes
        hide-version: yes
        #rrset-roundrobin: yes
        qname-minimisation: yes
        do-not-query-localhost: no

        username: "unbound"
        chroot: "/var/chroot/unbound"
        # pathes within chroot
        directory: "/"
        root-hints: "/named.cache"
        auto-trust-anchor-file: "/db/root.key"
        logfile: "/db/unbound.log"

remote-control:
        control-enable: no