[some global config]server: chroot: /var/unbound username: unbound di

1. [some global config]
2.  
3. server:
4. chroot: /var/unbound
5. username: unbound
6. directory: /var/unbound
7. pidfile: /var/run/unbound.pid
8. root-hints: /root.hints
9. use-syslog: yes
10. verbosity: 2
11. do-ip4: yes
12. do-udp: yes
13. do-tcp: yes
14. do-daemonize: yes
15. serve-expired: no
16. jostle-timeout: 200
17. auto-trust-anchor-file: /var/unbound/root.key
18. prefetch: no
19.  
20. [some tag defs]
21.  
22. define-tag:client_group_A
23. define-tag:client_group_B
24.  
25. [some tagging rules, a bit like this]
26.  
27. if (client_IP in subnet 10.0.0.0/16) then: tag=client_group_A
28. if (client_IP in subnet 10.1.0.0/16) then: tag=client_group_B
29. if (client_IP in subnet 10.2.0.0/16) then: tag=client_group_C
30. if (client_port == 53) then: tag=client_group_A
31. if (client_port == 1053) then: tag=client_group_B
32.  
33. [finally, some views, a bit like this]
34.  
35. if (tagged with client_group_A) then: {
36. "." forwarding rules applicable to client_group_A
37. some local-zone and local_data to serve to client_group_A
38. }
39.  
40. if (tagged with client_group_B) then: {
41. "." forwarding rules applicable to client_group_B
42. some local-zone and local_data to serve to client_group_B
43. }
44.  
45. if (tagged with client_group_C) then: {
46. no forwarding rules - authoritative responses only for 2 specific domains
47. }
48.  
49. if (untagged) then: {
50. "." forwarding rules applicable to untagged clients
51. some local-zone and local_data to serve to untagged clients
52. }