Working configuration for download

Install Unbound on FREEBSD

pkg install unbound

Edit configuration - all below entries go under server: directive

vim /usr/local/etc/unbound/unbound.conf

Configure chroot

directory: /usr/local/etc/unbound
chroot: /usr/local/etc/unbound

TLS cert bundle

tls-cert-bundle: /usr/local/share/certs/ca-root-nss.crt

Caching TTLs

cache-min-ttl: 72000
cache-max-ttl: 86400

Local blacklist zone file

Download energized list from https://github.com/EnergizedProtection/block

wget https://block.energized.pro/ultimate/formats/unbound.conf

Note: - blacklist needs tweaking i.e. some entries need to be removed

include: /usr/local/etc/unbound/energized-ultimate.blacklist

Forwarding address

forward-zone:
name:”.”
forward-tls-upstream: yes
forward-addr: 45.90.28.0@853#.dns1.nextdns.io

Enable remote control

In its own remote-control: section

remote-control:
    control-enable: yes
    control-use-cert: no

Controling unbound

restart

service unbound restart

flush zone

unbound-control flush_zone youtube.com

dump cache

unbound-control dump_cache