<file /etc/unbound/unbound.conf>
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.

server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    num-threads: 9
    use-syslog: yes
    log-queries: no
    prefetch: yes
    prefetch-key: yes
    val-log-level: 2
    #val-permissive-mode: yes
    local-zone: sunsec.lan. transparent
    local-zone: lan. transparent
    local-zone: brm. transparent
    local-data: "test.sunsec.cz.    IN A 77.78.111.15"
    domain-insecure: "brm"
    logfile: "/etc/unbound/unbound.log"
    access-control: 127.0.0.0/8 allow_snoop
forward-zone:
    name: "brm"
    forward-addr: 192.168.77.20
forward-zone:
    name: "hack"
    forward-addr: 192.168.77.20
</file>