1 files changed, 20 insertions, 5 deletions

diff --git a/main/unbound/conf.patch b/main/unbound/conf.patch
index f7ad7515dc..dbf4140d47 100644
--- a/main/unbound/conf.patch
+++ b/main/unbound/conf.patch
@@ -1,8 +1,8 @@
 --- a/doc/example.conf.in
 +++ b/doc/example.conf.in
-@@ -308,12 +308,9 @@
- 	# timetoresolve, fromcache and responsesize.
- 	# log-replies: no
+@@ -337,12 +337,9 @@
+ 	# print log lines that say why queries return SERVFAIL to clients.
+ 	# log-servfail: no
  
 -	# the pid file. Can be an absolute path outside of chroot/work dir.
 -	# pidfile: "@UNBOUND_PIDFILE@"
@@ -14,7 +14,7 @@
  
  	# enable to not answer id.server and hostname.bind queries.
  	# hide-identity: no
-@@ -450,7 +447,7 @@
+@@ -489,7 +486,7 @@
  	# you start unbound (i.e. in the system boot scripts).  And enable:
  	# Please note usage of unbound-anchor root anchor is at your own risk
  	# and under the terms of our LICENSE (see that file in the source).
@@ -23,7 +23,7 @@
  
  	# trust anchor signaling sends a RFC8145 key tag query after priming.
  	# trust-anchor-signaling: yes
-@@ -464,7 +461,7 @@
+@@ -506,7 +503,7 @@
  	# with several entries, one file per entry.
  	# Zone file format, with DS and DNSKEY entries.
  	# Note this gets out of date, use auto-trust-anchor-file please.
@@ -32,3 +32,18 @@
  
  	# Trusted key for validation. DS or DNSKEY. specify the RR on a
  	# single line, surrounded by "". TTL is ignored. class is IN default.
+@@ -841,12 +838,13 @@
+ remote-control:
+ 	# Enable remote control with unbound-control(8) here.
+ 	# set up the keys and certificates with unbound-control-setup.
+-	# control-enable: no
++	control-enable: yes
+ 
+ 	# what interfaces are listened to for remote control.
+ 	# give 0.0.0.0 and ::0 to listen to all interfaces.
+ 	# set to an absolute path to use a unix local name pipe, certificates
+ 	# are not used for that, so key and cert files need not be present.
++	control-interface: /run/unbound/control.sock
+ 	# control-interface: 127.0.0.1
+ 	# control-interface: ::1
+