# Remote control config section update.
# Previous defaults allowed any process to change settings, CVE-2024-1488
remote-control:
    # set to an absolute path to use a unix local name pipe, certificates
    # are not used for that, so key and cert files need not be present.
    control-interface: "/run/unbound/control"

    # For local sockets this option is ignored, and TLS is not used.
    control-use-cert: "yes"