# The server clause sets the main parameters. 
server:
	verbosity: 1
	statistics-interval: 0
	statistics-cumulative: no
	extended-statistics: no
	num-threads: 4
	interface: 200.17.33.89
	interface-automatic: no
	port: 53
	outgoing-interface: 200.17.33.89
	outgoing-range: 100
	outgoing-num-tcp: 50
	incoming-num-tcp: 50
	so-reuseport: no
	edns-buffer-size: 4096
	max-udp-size: 4096
	msg-buffer-size: 65552
	msg-cache-size: 128m
	do-ip4: yes
	do-ip6: yes
	do-udp: yes
	do-tcp: yes
	do-daemonize: yes
	# control which clients are allowed to make (recursive) queries
	# to this server. Specify classless netblocks with /size and action.
	# By default everything is refused, except for localhost.
	# Choose deny (drop message), refuse (polite error reply),
	# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
	# deny_non_local (drop queries unless can be answered from local-data)
	# refuse_non_local (like deny_non_local but polite error reply).
	access-control: 127.0.0.0/8 allow
	access-control: 200.17.33.0/24 allow
	access-control: 200.17.32.0/24 allow
	access-control: 186.225.63.200/29 allow
	access-control: 187.19.201.48/29 allow
	access-control: 201.20.93.170/29 allow
	access-control: 200.129.0.33/32 allow
	access-control: 200.129.0.34/32 allow
	access-control: 200.129.9.0/24 allow
	access-control: 200.129.10.0/24 allow
	access-control: 200.129.11.0/24 allow
	access-control: 200.129.16.0/24 allow
	access-control: 200.129.17.0/24 allow
	access-control: 200.129.18.0/26 allow
	access-control: 200.129.18.64/26 allow
	access-control: 200.129.18.128/26 allow
	access-control: 200.129.24.0/24 allow
	access-control: 200.129.25.0/24 allow
	access-control: 200.129.46.0/24 allow
	access-control: 200.129.48.0/24 allow
	access-control: 201.20.97.248/29 allow
	access-control: 201.20.98.0/29 allow
	chroot: "/usr/local/etc/unbound"
	username: "unbound"
	directory: "/usr/local/etc/unbound"
	logfile: "/usr/local/etc/unbound/unbound.log"
	use-syslog: no
	log-time-ascii: no
	log-queries: no
	pidfile: "/usr/local/etc/unbound/unbound.pid"
	root-hints: "/usr/local/etc/unbound/root.hints"
	hide-identity: yes
	hide-version: yes
	identity: "Servidor de DNS recursivo do IFCE"

remote-control:
	control-enable: no
	control-interface: 127.0.0.1