# Remote control config section update.
# Previous defaults allowed any process to change settings, CVE-2023-1488
# This file can be used also by: unbound-control -c <path>
remote-control:
	# Enable remote control with unbound-control(8) here.
	# set up the keys and certificates with unbound-control-setup.
	control-enable: yes

	# set to an absolute path to use a unix local name pipe, certificates
	# are not used for that, so key and cert files need not be present.
	control-interface: "/run/unbound/control"

	# For local sockets this option is ignored, and TLS is not used.
	control-use-cert: "yes"

	# Unbound server key file.
	server-key-file: "/etc/unbound/unbound_server.key"

	# Unbound server certificate file.
	server-cert-file: "/etc/unbound/unbound_server.pem"

	# unbound-control key file.
	control-key-file: "/etc/unbound/unbound_control.key"

	# unbound-control certificate file.
	control-cert-file: "/etc/unbound/unbound_control.pem"