diff -upr unbound-1.13.0.orig/doc/example.conf.in unbound-1.13.0/doc/example.conf.in
--- unbound-1.13.0.orig/doc/example.conf.in	2020-12-21 09:58:04.154390497 +0100
+++ unbound-1.13.0/doc/example.conf.in	2020-12-21 09:58:53.094583255 +0100
@@ -355,9 +355,6 @@ server:
 	# print log lines that say why queries return SERVFAIL to clients.
 	# log-servfail: no
 
-	# the pid file. Can be an absolute path outside of chroot/work dir.
-	# pidfile: "@UNBOUND_PIDFILE@"
-
 	# file to read root hints from.
 	# get one from https://www.internic.net/domain/named.cache
 	# root-hints: ""
@@ -507,7 +504,7 @@ server:
 	# you start unbound (i.e. in the system boot scripts).  And enable:
 	# Please note usage of unbound-anchor root anchor is at your own risk
 	# and under the terms of our LICENSE (see that file in the source).
-	# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+	# auto-trust-anchor-file: ""
 
 	# trust anchor signaling sends a RFC8145 key tag query after priming.
 	# trust-anchor-signaling: yes
@@ -519,7 +516,7 @@ server:
 	# with several entries, one file per entry.
 	# Zone file format, with DS and DNSKEY entries.
 	# Note this gets out of date, use auto-trust-anchor-file please.
-	# trust-anchor-file: ""
+	trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
 
 	# Trusted key for validation. DS or DNSKEY. specify the RR on a
 	# single line, surrounded by "". TTL is ignored. class is IN default.
@@ -900,12 +897,13 @@ dynlib:
 remote-control:
 	# Enable remote control with unbound-control(8) here.
 	# set up the keys and certificates with unbound-control-setup.
-	# control-enable: no
+	control-enable: yes
 
 	# what interfaces are listened to for remote control.
 	# give 0.0.0.0 and ::0 to listen to all interfaces.
 	# set to an absolute path to use a unix local name pipe, certificates
 	# are not used for that, so key and cert files need not be present.
+	control-interface: /run/unbound.control.sock
 	# control-interface: 127.0.0.1
 	# control-interface: ::1