From 3db6af5c90e83f5fa39875d843cf86415c47b438 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9?= <andre.peters@servercow.de>
Date: Fri, 12 Oct 2018 10:56:17 +0200
Subject: [PATCH] [Unbound] Trust all addresses - do not expose Unbound!

---
 data/conf/unbound/unbound.conf | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 6d7f1f04..9d8229ca 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -8,20 +8,22 @@ server:
   do-udp: yes
   do-tcp: yes
   do-daemonize: no
+  access-control: 0.0.0.0/0 allow
   access-control: 10.0.0.0/8 allow
   access-control: 172.16.0.0/12 allow
   access-control: 192.168.0.0/16 allow
   access-control: fc00::/7 allow
   access-control: fe80::/10 allow
+  access-control: ::0/0 allow
   directory: "/etc/unbound"
   username: unbound
   auto-trust-anchor-file: trusted-key.key
-  private-address: 10.0.0.0/8
-  private-address: 172.16.0.0/12
-  private-address: 192.168.0.0/16
-  private-address: 169.254.0.0/16
-  private-address: fc00::/7
-  private-address: fe80::/10
+  #private-address: 10.0.0.0/8
+  #private-address: 172.16.0.0/12
+  #private-address: 192.168.0.0/16
+  #private-address: 169.254.0.0/16
+  #private-address: fc00::/7
+  #private-address: fe80::/10
   root-hints: "/etc/unbound/root.hints"
   hide-identity: yes
   hide-version: yes