Unbound config for Linux

Documentation

server:
  use-syslog: yes
  username: "unbound"
  directory: "/etc/unbound"
  trust-anchor-file: trusted-key.key
  interface: 127.0.0.1
  interface: X.X.X.X
  access-control: 10.0.0.0/8 allow
  access-control: 172.16.0.0/12 allow
  access-control: 192.168.0.0/16 allow
  num-threads: <num_cpu>
  prefetch: yes
  prefetch-key: yes
  minimal-responses: yes
  do-ip6: no # if IPv6 is not available
  so-reuseport: yes

Performance optimisation:

https://nlnetlabs.nl/documentation/unbound/howto-optimise/

server:
    # use all CPUs
    num-threads: <number of cores>

    # power of 2 close to num-threads
    msg-cache-slabs: <same>
    rrset-cache-slabs: <same>
    infra-cache-slabs: <same>
    key-cache-slabs: <same>

    # more cache memory, rrset=msg*2
    rrset-cache-size: 100m
    msg-cache-size: 50m

    # more outgoing connections
    # depends on number of cores: 1024/cores - 50
    outgoing-range: 950

    # Larger socket buffer.  OS may need config.
    so-rcvbuf: 4m
    so-sndbuf: 4m

    # Faster UDP with multithreading (only on Linux).
    so-reuseport: yes