This one’s simple. I just installed it and did a little configuring. Here’s a config file with some comments:
server: verbosity: 1 num-threads: 4 interface: 127.0.0.1 interface: ::1 interface: [vpn server ip] # Control access to the server (really just allow vpn access) access-control: 0.0.0.0/0 refuse access-control: 127.0.0.0/8 allow access-control: ::0/0 refuse access-control: ::1 allow access-control: ::ffff:127.0.0.1 allow access-control: [vpn server ip].0/24 allow # some security things hide-identity: yes hide-version: yes harden-short-bufsize: yes harden-large-queries: yes harden-glue: yes harden-below-nxdomain: yes # Don't resolve private addresses private-address: 10.0.0.0/8 private-address: 10.0.0.0/8 private-address: 172.16.0.0/12 private-address: 192.168.0.0/16 private-address: 169.254.0.0/16 private-address: fd00::/8 private-address: fe80::/10 private-domain: yourdomain.example # speed improvements prefetch: yes prefetch-key: yes # enable DNSSEC: auto-trust-anchor-file: "/var/lib/unbound/root.key"
A config file https://calomel.org/unbound_dns.html