diff -upr unbound-1.13.0.orig/doc/example.conf.in unbound-1.13.0/doc/example.conf.in --- unbound-1.13.0.orig/doc/example.conf.in 2020-12-21 09:58:04.154390497 +0100 +++ unbound-1.13.0/doc/example.conf.in 2020-12-21 09:58:53.094583255 +0100 @@ -355,9 +355,6 @@ server: # print log lines that say why queries return SERVFAIL to clients. # log-servfail: no - # the pid file. Can be an absolute path outside of chroot/work dir. - # pidfile: "@UNBOUND_PIDFILE@" - # file to read root hints from. # get one from https://www.internic.net/domain/named.cache # root-hints: "" @@ -507,7 +504,7 @@ server: # you start unbound (i.e. in the system boot scripts). And enable: # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). - # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" + # auto-trust-anchor-file: "" # trust anchor signaling sends a RFC8145 key tag query after priming. # trust-anchor-signaling: yes @@ -519,7 +516,7 @@ server: # with several entries, one file per entry. # Zone file format, with DS and DNSKEY entries. # Note this gets out of date, use auto-trust-anchor-file please. - # trust-anchor-file: "" + trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" # Trusted key for validation. DS or DNSKEY. specify the RR on a # single line, surrounded by "". TTL is ignored. class is IN default. @@ -900,12 +897,13 @@ dynlib: remote-control: # Enable remote control with unbound-control(8) here. # set up the keys and certificates with unbound-control-setup. - # control-enable: no + control-enable: yes # what interfaces are listened to for remote control. # give 0.0.0.0 and ::0 to listen to all interfaces. # set to an absolute path to use a unix local name pipe, certificates # are not used for that, so key and cert files need not be present. + control-interface: /run/unbound.control.sock # control-interface: 127.0.0.1 # control-interface: ::1