unbound-checkconf

Check default configuration file

$ unbound-checkconf

$ unbound-checkconf [/etc/unbound/unbound.conf]

$ unbound-checkconf -o [verbosity]

$ unbound-checkconf -f [/etc/unbound/unbound.conf]

unbound-checkconf [options] [configfile]

unbound-checkconf validates the Unbound DNS resolver configuration file for syntax errors and configuration problems. It checks the specified file or the default configuration location if no file is given.
The tool verifies configuration syntax, checks for valid option values, and ensures referenced files (like key files and certificates) exist and are readable. Running this before restarting Unbound prevents service disruption from configuration errors.
The -o option extracts specific configuration values, useful for scripting or verifying settings. For disabled options, an empty line is printed.

-h

Display help and exit.

Print full configuration after parsing.

Print the value of a specific option to stdout.

Returns 0 if the configuration is valid, 1 if errors are found. Error messages indicate the nature and location of problems.

Some errors (like missing auto-generated files) only appear at runtime. Does not validate remote server connectivity. Default configuration path varies by installation.

unbound-checkconf is part of the Unbound DNS resolver developed by NLnet Labs. Unbound was designed as a modern, secure, validating recursive DNS resolver with DNSSEC support, intended as an alternative to BIND for resolver-only deployments.

unbound(8), unbound-control(8), unbound-host(1), unbound.conf(5)