
From: obsd@mulh.net
Subject: Re: unbound.conf default; use control-use-cert: no
To: tech@openbsd.org
Date: Fri, 17 Oct 2025 17:55:01 -0400

On 2025-10-17 18:53:22, Stuart Henderson wrote:
>  remote-control:
>  	control-enable: yes
> +	control-use-cert: no
>  	control-interface: /var/run/unbound.sock
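
Review bot: the added `control-use-cert: no` line carries no comment or stated reason, and the `control-interface` on the following line is a filesystem path (/var/run/unbound.sock), not an IP address. If the option changes behaviour for a path-based control socket, say so in a comment above it or in the commit message; if it does not, the line is redundant in the default config and can be dropped.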

What's the rationale for this?

The documentation is clear that this option is ignored and
certificates are not used when a socket is used.  Access is
controlled by file permissions instead of TLS for sockets.
For IP interfaces the certificates restrict the access.
(docs also say it uses TLSv1 security for the connection!)
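
The socket-versus-IP distinction discussed in this message, as an added example (not part of the original mail, and not Unbound or OpenBSD code): a small Python audit of the `remote-control:` clause that reports, per `control-interface`, whether `control-use-cert` has any effect. The function names and both sample configs are constructed, and the parser assumes one option per line.

```python
import re

# Constructed sample configs; the first mirrors the quoted hunk.
SOCKET_CONF = """\
remote-control:
	control-enable: yes
	control-use-cert: no
	control-interface: /var/run/unbound.sock
"""
IP_CONF = SOCKET_CONF.replace("/var/run/unbound.sock", "127.0.0.1")

def remote_control_options(text):
    """Return (key, value) pairs found inside the remote-control: clause."""
    opts, in_clause = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":                              # clause header, e.g. "server:"
            in_clause = (key == "remote-control")
        elif in_clause:
            opts.append((key, value))
    return opts

def audit(text):
    """Describe what protects each control interface."""
    opts = remote_control_options(text)
    settings = dict(opts)
    if settings.get("control-enable", "no") != "yes":   # default is "no"
        return ["remote control disabled"]
    use_cert = settings.get("control-use-cert", "yes")  # default is "yes"
    # With no control-interface given, unbound listens on localhost.
    ifaces = [v for k, v in opts if k == "control-interface"] or ["127.0.0.1", "::1"]
    findings = []
    for iface in ifaces:
        if iface.startswith("/"):
            # Absolute path: local socket, TLS off, option ignored.
            findings.append(f"{iface}: local socket, control-use-cert ignored, "
                            "access set by file permissions")
        elif use_cert == "no":
            findings.append(f"{iface}: IP interface without certificates")
        else:
            findings.append(f"{iface}: IP interface, certificates restrict access")
    return findings

if __name__ == "__main__":
    for conf in (SOCKET_CONF, IP_CONF):
        print("\n".join(audit(conf)))
```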