# if you don't want dnsmasq on your system you
# can tell a localhost "unbound" DNS server to
# forward .onion requests into Tor.
#
# courtesy of tg of secushare.org
# see the unbound.conf(5) man page for more.

server:
	# The following line will configure unbound to perform cryptographic
	# DNSSEC validation using the root trust anchor.
	auto-trust-anchor-file: "/var/lib/unbound/root.key"
	do-not-query-localhost: no
	harden-dnssec-stripped: no
	private-domain: "onion"

forward-zone:
	name: "onion"
	forward-addr: 127.0.0.1@9053
	forward-first: no