# if you don't want dnsmasq on your system you # can tell a localhost "unbound" DNS server to # forward .onion requests into Tor. # # courtesy of tg of secushare.org # see the unbound.conf(5) man page for more. server: # The following line will configure unbound to perform cryptographic # DNSSEC validation using the root trust anchor. auto-trust-anchor-file: "/var/lib/unbound/root.key" do-not-query-localhost: no harden-dnssec-stripped: no private-domain: "onion" forward-zone: name: "onion" forward-addr: 127.0.0.1@9053 forward-first: no