====== DNS mit Unbound ======

  > apt install unbound
  > systemctl enable unbound
  > systemctl start unbound
  > systemctl status unbound

<code ini /etc/unbound/unbound.conf.d/default.conf>
server:
	verbosity: 1

	port: 53
	#tls-port: 853
	interface-automatic: yes
	#interface-automatic-ports: "53 853"
	interface-automatic-ports: "53"

	do-ip4: yes
	do-ip6: yes
	prefer-ip4: no
	prefer-ip6: yes
	do-udp: yes
	do-tcp: yes

	use-syslog: yes
	log-time-ascii: yes
	log-queries: no
	log-replies: no
	log-tag-queryreply: yes
	log-local-actions: yes
	log-servfail: yes

	# apt install dns-root-data
	root-hints: /usr/share/dns/root.hints
	# curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
	#root-hints: root.hints

	hide-identity: yes
	hide-version: yes
	harden-short-bufsize: yes
	harden-large-queries: no
	harden-glue: yes
	harden-dnssec-stripped: yes
	harden-below-nxdomain: yes
	harden-referral-path: no
	harden-algo-downgrade: yes
	qname-minimisation: yes
	qname-minimisation-strict: no
	prefetch: yes
	prefetch-key: yes
	minimal-responses: no

	private-address: 10.0.0.0/8
	private-address: 172.16.0.0/12
	private-address: 192.168.0.0/16
	private-address: 169.254.0.0/16
	private-address: fd00::/8
	private-address: fe80::/10

	private-address: 127.0.0.0/8
	private-address: ::ffff:0:0/96

	private-domain: fritz.box
	domain-insecure: fritz.box

forward-zone:
	name: fritz.box.
	forward-addr: fd00::de15:c8ff:feb6:1e26
	forward-addr: 192.168.1.254
	forward-no-cache: yes
</code>