harden-algo-downgrade: no
use-caps-for-id: yes
aggressive-nsec: yes
+ qname-minimisation: yes
+
+ # TLS
+ tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
+
+ # EDNS Buffer Size (#12240)
+ edns-buffer-size: 1232
# Harden against DNS cache poisoning
unwanted-reply-threshold: 1000000
# Include DHCP leases
include: "/etc/unbound/dhcp-leases.conf"
+ # Include hosts
+ include: "/etc/unbound/hosts.conf"
+
# Include any forward zones
include: "/etc/unbound/forward.conf"