server: trust-anchor-file: "/etc/unbound/trusted-key.key" root-key-sentinel: yes tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt hide-http-user-agent: yes hide-identity: yes hide-trustanchor: yes hide-version: yes deny-any: yes harden-algo-downgrade: yes harden-large-queries: yes harden-referral-path: yes harden-short-bufsize: yes ignore-cd-flag: yes max-udp-size: 3072 module-config: "validator iterator" qname-minimisation-strict: yes unwanted-reply-threshold: 10000000 use-caps-for-id: yes outgoing-port-permit: 1024-65535 prefetch: yes prefetch-key: yes forward-zone: name: "." forward-tls-upstream: yes forward-addr: 1.1.1.2@853#security.cloudflare-dns.com forward-addr: 1.0.0.2@853#security.cloudflare-dns.com forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.com