Initial unbound configuration

Add access control, listen to the wildcard interfaces and add Debian's
config files.

dns-unbound/unbound.conf

@@ -1,10 +1,3 @@
-#
-# Example configuration file.
-#
-# See unbound.conf(5) man page, version 1.4.22.
-#
-# this is a comment.
-
 #Use this to include other text into the file.
 #include: "otherfile.conf"
 
@@ -38,6 +31,8 @@ server:
 	# interface: 192.0.2.154
 	# interface: 192.0.2.154@5003
 	# interface: 2001:DB8::5
+	interface: 0.0.0.0
+	interface: ::0
 
 	# enable this feature to copy the source address of queries to reply.
 	# Socket options are not supported on all platforms. experimental.
@@ -173,11 +168,16 @@ server:
 	# allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
 	# deny_non_local (drop queries unless can be answered from local-data)
 	# refuse_non_local (like deny_non_local but polite error reply).
-	# access-control: 0.0.0.0/0 refuse
-	# access-control: 127.0.0.0/8 allow
-	# access-control: ::0/0 refuse
-	# access-control: ::1 allow
-	# access-control: ::ffff:127.0.0.1 allow
+	access-control: 0.0.0.0/0 refuse
+	access-control: 127.0.0.0/8 allow
+	access-control: 10.0.0.0/8 allow
+	access-control: ::0/0 refuse
+	access-control: ::1 allow
+	access-control: ::ffff:127.0.0.1 allow
+	access-control: 2a01:b760:abc:2::/64 allow
+	access-control: 2a01:b760:abc:3::/64 allow
+	access-control: 2a01:b760:abc:4::/64 allow
+	access-control: 2a01:b760:abc:5::/64 allow
 
 	# if given, a chroot(2) is done to the given directory.
 	# i.e. you can chroot to the working directory, for example,
@@ -589,3 +589,5 @@ remote-control:
 # forward-zone:
 # 	name: "example.org"
 # 	forward-host: fwd.example.com
+
+include: "/etc/unbound/unbound.conf.d/*.conf"