===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/etc/unbound.conf,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- src/etc/unbound.conf	2018/12/10 16:46:03	1.11
+++ src/etc/unbound.conf	2018/12/11 19:16:36	1.12
@@ -1,4 +1,4 @@
-# $OpenBSD: unbound.conf,v 1.11 2018/12/10 16:46:03 sthen Exp $
+# $OpenBSD: unbound.conf,v 1.12 2018/12/11 19:16:36 florian Exp $
 
 server:
 	interface: 127.0.0.1
@@ -19,12 +19,14 @@
 	hide-identity: yes
 	hide-version: yes
 
-	# Enable DNSSEC validation.
-	auto-trust-anchor-file: "/var/unbound/db/root.key"
-	val-log-level: 2
+	# Uncomment to enable DNSSEC validation.
+	#
+	#auto-trust-anchor-file: "/var/unbound/db/root.key"
 
-	# Synthesize NXDOMAINs from DNSSEC NSEC chains.  RFC 8198
-	aggressive-nsec: yes
+	# Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains
+	# https://tools.ietf.org/html/rfc8198
+	#
+	#aggressive-nsec: yes
 
 	# Serve zones authoritatively from Unbound to resolver clients.
 	# Not for external service.