server:
        interface: 127.0.0.1
        interface: ::1
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: ::0/0 refuse
        access-control: ::1/128 allow
        do-not-query-localhost: no
        hide-identity: yes
        hide-version: yes
        auto-trust-anchor-file: "/var/unbound/db/root.key"
        val-log-level: 2
        aggressive-nsec: yes
remote-control:
        control-enable: yes
        control-interface: /var/run/unbound.sock
forward-zone:
        name: "."                               # use for ALL queries
        forward-addr: 9.9.9.9                   # example address only