# enable forwarding to known DNS servers
echo "forward-zone:\n\tname: \".\"" >> /etc/unbound/unbound.conf
grep ^nameserver /etc/resolv.conf | gsed 's;nameserver;\tforward-addr:;' >> /etc/unbound/unbound.conf

# generate key for unbound-control
unbound-control-setup

# enable unbound-control
cat >> /etc/unbound/unbound.conf <<EOF
remote-control:
    control-enable: yes
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"
EOF

# enable unbound service
svcadm enable -s svc:/network/dns/server:unbound

# change resolver to localhost
svccfg -s svc:/network/dns/client:default setprop config/nameserver = net_address: ::1
svcadm refresh -s svc:/network/dns/client
grep ^nameserver /etc/resolv.conf

# test unbound
unbound-control status

dig -t a github.com
unbound-control dump_cache | grep github

# Lookup name via Name Service switch, flush hosts first.
/usr/sbin/nscd -i hosts
/usr/bin/getent hosts github.com