server: verbosity: 7 use-syslog: no directory: "" pidfile: "unbound.pid" chroot: "" username: "" module-config: "respip validator iterator" # respip for the RPZ part do-not-query-localhost: no use-caps-for-id: no define-tag: "one two refuse rpz-one rpz-two rpz-nx" # Interface configuration for IPv4 interface: @IPV4_ADDR@@@PORT_ALLOW@ interface: @IPV4_ADDR@@@PORT_DENY@ interface: @IPV4_ADDR@@@PORT_REFUSE@ interface: @IPV4_ADDR@@@PORT_TAG_1@ interface: @IPV4_ADDR@@@PORT_TAG_2@ interface: @IPV4_ADDR@@@PORT_TAG_3@ interface: @IPV4_ADDR@@@PORT_RPZ_1@ interface: @IPV4_ADDR@@@PORT_RPZ_2@ interface: @IPV4_ADDR@@@PORT_RPZ_NX@ interface: @IPV4_ADDR@@@PORT_VIEW_INT@ interface: @IPV4_ADDR@@@PORT_VIEW_EXT@ interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow interface-action: @IPV4_ADDR@@@PORT_DENY@ deny # interface-action: @IPV4_ADDR@@@PORT_REFUSE@ refuse # This is the default action interface-action: @IPV4_ADDR@@@PORT_TAG_1@ allow interface-action: @IPV4_ADDR@@@PORT_TAG_2@ allow interface-action: @IPV4_ADDR@@@PORT_TAG_3@ allow interface-action: @IPV4_ADDR@@@PORT_RPZ_1@ allow interface-action: @IPV4_ADDR@@@PORT_RPZ_2@ allow interface-action: @IPV4_ADDR@@@PORT_RPZ_NX@ allow interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow interface-tag: @IPV4_ADDR@@@PORT_TAG_1@ "one" interface-tag: @IPV4_ADDR@@@PORT_TAG_2@ "two" interface-tag: @IPV4_ADDR@@@PORT_TAG_3@ "refuse" interface-tag: @IPV4_ADDR@@@PORT_RPZ_1@ "rpz-one" interface-tag: @IPV4_ADDR@@@PORT_RPZ_2@ "rpz-two" interface-tag: @IPV4_ADDR@@@PORT_RPZ_NX@ "rpz-nx" interface-tag-action: @IPV4_ADDR@@@PORT_TAG_1@ one redirect interface-tag-data: @IPV4_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1" interface-tag-action: @IPV4_ADDR@@@PORT_TAG_2@ two redirect interface-tag-data: @IPV4_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2" interface-tag-action: @IPV4_ADDR@@@PORT_TAG_3@ refuse always_refuse interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int" interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext" interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext" # Mirrored interface configuration for IPv6 interface: @IPV6_ADDR@@@PORT_ALLOW@ interface: @IPV6_ADDR@@@PORT_DENY@ interface: @IPV6_ADDR@@@PORT_REFUSE@ interface: @IPV6_ADDR@@@PORT_TAG_1@ interface: @IPV6_ADDR@@@PORT_TAG_2@ interface: @IPV6_ADDR@@@PORT_TAG_3@ interface: @IPV6_ADDR@@@PORT_RPZ_1@ interface: @IPV6_ADDR@@@PORT_RPZ_2@ interface: @IPV6_ADDR@@@PORT_RPZ_NX@ interface: @IPV6_ADDR@@@PORT_VIEW_INT@ interface: @IPV6_ADDR@@@PORT_VIEW_EXT@ interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow interface-action: @IPV6_ADDR@@@PORT_DENY@ deny # interface-action: @IPV6_ADDR@@@PORT_REFUSE@ refuse # This is the default action interface-action: @IPV6_ADDR@@@PORT_TAG_1@ allow interface-action: @IPV6_ADDR@@@PORT_TAG_2@ allow interface-action: @IPV6_ADDR@@@PORT_TAG_3@ allow interface-action: @IPV6_ADDR@@@PORT_RPZ_1@ allow interface-action: @IPV6_ADDR@@@PORT_RPZ_2@ allow interface-action: @IPV6_ADDR@@@PORT_RPZ_NX@ allow interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow interface-tag: @IPV6_ADDR@@@PORT_TAG_1@ "one" interface-tag: @IPV6_ADDR@@@PORT_TAG_2@ "two" interface-tag: @IPV6_ADDR@@@PORT_TAG_3@ "refuse" interface-tag: @IPV6_ADDR@@@PORT_RPZ_1@ "rpz-one" interface-tag: @IPV6_ADDR@@@PORT_RPZ_2@ "rpz-two" interface-tag: @IPV6_ADDR@@@PORT_RPZ_NX@ "rpz-nx" interface-tag-action: @IPV6_ADDR@@@PORT_TAG_1@ one redirect interface-tag-data: @IPV6_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1" interface-tag-action: @IPV6_ADDR@@@PORT_TAG_2@ two redirect interface-tag-data: @IPV6_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2" interface-tag-action: @IPV6_ADDR@@@PORT_TAG_3@ refuse always_refuse interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int" interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext" interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext" # Mirrored interface configuration for interface name interface: @INTERFACE@@@PORT_ALLOW@ interface: @INTERFACE@@@PORT_DENY@ interface: @INTERFACE@@@PORT_REFUSE@ interface: @INTERFACE@@@PORT_TAG_1@ interface: @INTERFACE@@@PORT_TAG_2@ interface: @INTERFACE@@@PORT_TAG_3@ interface: @INTERFACE@@@PORT_RPZ_1@ interface: @INTERFACE@@@PORT_RPZ_2@ interface: @INTERFACE@@@PORT_RPZ_NX@ interface: @INTERFACE@@@PORT_VIEW_INT@ interface: @INTERFACE@@@PORT_VIEW_EXT@ interface: @INTERFACE@@@PORT_VIEW_INTEXT@ interface-action: @INTERFACE@@@PORT_ALLOW@ allow interface-action: @INTERFACE@@@PORT_DENY@ deny # interface-action: @INTERFACE@@@PORT_REFUSE@ refuse # This is the default action interface-action: @INTERFACE@@@PORT_TAG_1@ allow interface-action: @INTERFACE@@@PORT_TAG_2@ allow interface-action: @INTERFACE@@@PORT_TAG_3@ allow interface-action: @INTERFACE@@@PORT_RPZ_1@ allow interface-action: @INTERFACE@@@PORT_RPZ_2@ allow interface-action: @INTERFACE@@@PORT_RPZ_NX@ allow interface-action: @INTERFACE@@@PORT_VIEW_INT@ allow interface-action: @INTERFACE@@@PORT_VIEW_EXT@ allow interface-action: @INTERFACE@@@PORT_VIEW_INTEXT@ allow interface-tag: @INTERFACE@@@PORT_TAG_1@ "one" interface-tag: @INTERFACE@@@PORT_TAG_2@ "two" interface-tag: @INTERFACE@@@PORT_TAG_3@ "refuse" interface-tag: @INTERFACE@@@PORT_RPZ_1@ "rpz-one" interface-tag: @INTERFACE@@@PORT_RPZ_2@ "rpz-two" interface-tag: @INTERFACE@@@PORT_RPZ_NX@ "rpz-nx" interface-tag-action: @INTERFACE@@@PORT_TAG_1@ one redirect interface-tag-data: @INTERFACE@@@PORT_TAG_1@ one "A 1.1.1.1" interface-tag-action: @INTERFACE@@@PORT_TAG_2@ two redirect interface-tag-data: @INTERFACE@@@PORT_TAG_2@ two "A 2.2.2.2" interface-tag-action: @INTERFACE@@@PORT_TAG_3@ refuse always_refuse interface-view: @INTERFACE@@@PORT_VIEW_INT@ "int" interface-view: @INTERFACE@@@PORT_VIEW_EXT@ "ext" interface-view: @INTERFACE@@@PORT_VIEW_INTEXT@ "intext" # Interface with scope_id interface: @INTERFACE@vlan50@@PORT_ALLOW@ interface: @INTERFACE@vlan51@@PORT_ALLOW@ interface-tag: @INTERFACE@vlan50@@PORT_ALLOW@ "one" interface-tag: @INTERFACE@vlan51@@PORT_ALLOW@ "two" interface-action: @INTERFACE@vlan50@@PORT_ALLOW@ allow interface-action: @INTERFACE@vlan51@@PORT_ALLOW@ allow local-zone: one.vtest. static local-data: "one.vtest. A 1.1.1.1" local-zone-tag: one.vtest. "one" local-zone: two.vtest. static local-data: "two.vtest. A 2.2.2.2" local-zone-tag: two.vtest. "two" # Local zones configuration local-zone: local. transparent local-data: "local. A 0.0.0.0" local-zone-tag: local. "one two refuse" # Views configuration view: name: "int" view-first: yes local-zone: "." refuse local-zone: "internal" transparent view: name: "ext" view-first: yes local-zone: "internal" refuse view: name: "intext" view-first: yes # RPZ configuration rpz: name: "rpz-one" zonefile: "rpz-one.zone" tags: "rpz-one" rpz: name: "rpz-two" zonefile: "rpz-two.zone" tags: "rpz-two" rpz: name: "rpz-nx" zonefile: "rpz-nx.zone" tags: "rpz-nx" # Stubs configuration forward-zone: name: "." forward-addr: @IPV4_ADDR@@@FORWARD_PORT@ stub-zone: name: "internal" stub-addr: @IPV4_ADDR@@@STUB_PORT@