server:
	verbosity: 1
	use-syslog: no
	logfile: "/var/log/unbound.log"
	log-time-ascii: yes

	num-threads: 2

	# Parametres par defaut qu'on laisse pour s'en souvenir
	interface: 127.0.0.1
	interface: ::1
	do-ip4: yes
	do-ip6: yes
	do-udp: yes
	do-tcp: yes

	root-hints: "/var/lib/unbound/root.hints"
	
	harden-referral-path: yes  
	use-caps-for-id: yes
	hide-identity: yes
	hide-version: yes
	harden-glue: yes
	harden-dnssec-stripped: yes
	
	# the time to live (TTL) value lower bound, in seconds. Default 0.
	# If more than an hour could easily give trouble due to stale data.
	# WARNING : against protocol rule but efficient against stupidly too low TTLs

	cache-min-ttl: 3600	

	# the time to live (TTL) value cap for RRsets and messages in the
	# cache. Items are not cached for longer. In seconds.
	cache-max-ttl: 86400
	
	prefetch: yes	

	# If nonzero, unwanted replies are not only reported in statistics, but also
	# a running total is kept per thread. If it reaches the threshold, a warning
	# is printed and a defensive action is taken, the cache is cleared to flush
	# potential poison out of it.  A suggested value is 10000000, the default is
	# 0 (turned off). We think 10K is a good value.
	unwanted-reply-threshold: 10000

	# Should additional section of secure message also be kept clean of unsecure
	# data. Useful to shield the users of this validator from potential bogus
	# data in the additional section. All unsigned data in the additional section
	# is removed from secure messages.

	val-clean-additional: yes

	# Log validation failures
	val-log-level: 2

	# Qname minimization, harden-below-nxdomain is recommanded, see manpage for 
	# details & https://unbound.net/pipermail/unbound-users/2015-December/004129.html and RFC 8020
	harden-below-nxdomain: yes
	qname-minimisation: yes

	private-address: 10.0.0.0/8
	private-address: 172.16.0.0/12
	private-address: 192.168.0.0/16
	private-address: 169.254.0.0/16
	private-address: fd00::/8
	private-address: fe80::/10