diff --git a/plist b/plist
index 55de2cc90..d79ff42c0 100644
--- a/plist
+++ b/plist
@@ -386,6 +386,7 @@
 /usr/local/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogPipe.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogQueue.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogRule.xml
+/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/AdvancedController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/DiagnosticsController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/ServiceController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/SettingsController.php
@@ -394,6 +395,7 @@
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/ForwardController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/OverridesController.php
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/StatsController.php
+/usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dialogDomainOverride.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dialogDot.xml
 /usr/local/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/dialogHostAlias.xml
@@ -666,6 +668,7 @@
 /usr/local/opnsense/mvc/app/views/OPNsense/Syslog/index.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/TrafficShaper/index.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/TrafficShaper/statistics.volt
+/usr/local/opnsense/mvc/app/views/OPNsense/Unbound/advanced.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Unbound/dnsbl.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Unbound/dot.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/Unbound/overrides.volt
@@ -1057,6 +1060,7 @@
 /usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng-lockout.conf
 /usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng.conf
 /usr/local/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS
+/usr/local/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf
 /usr/local/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf
 /usr/local/opnsense/service/templates/OPNsense/Unbound/core/domainoverrides.conf
 /usr/local/opnsense/service/templates/OPNsense/Unbound/core/dot.conf
diff --git a/src/etc/inc/plugins.inc.d/unbound.inc b/src/etc/inc/plugins.inc.d/unbound.inc
index 871a04163..b25354415 100644
--- a/src/etc/inc/plugins.inc.d/unbound.inc
+++ b/src/etc/inc/plugins.inc.d/unbound.inc
@@ -313,6 +313,7 @@ pidfile: /var/run/unbound.pid
 root-hints: /var/unbound/root.hints
 use-syslog: yes
 port: {$port}
+include: /var/unbound/advanced.conf
 verbosity: {$verbosity}
 extended-statistics: {$extended_statistics}
 log-queries: {$log_queries}
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Unbound/AdvancedController.php b/src/opnsense/mvc/app/controllers/OPNsense/Unbound/AdvancedController.php
new file mode 100755
index 000000000..e67b27552
--- /dev/null
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Unbound/AdvancedController.php
@@ -0,0 +1,40 @@
+<?php
+
+/*
+ * Copyright (C) 2022 Deciso B.V.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Unbound;
+
+use OPNsense\Base\IndexController;
+
+class AdvancedController extends IndexController
+{
+    public function indexAction()
+    {
+        $this->view->advancedForm = $this->getForm('advanced');
+        $this->view->pick('OPNsense/Unbound/advanced');
+    }
+}
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml b/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml
new file mode 100755
index 000000000..274e29fee
--- /dev/null
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/advanced.xml
@@ -0,0 +1,183 @@
+<form>
+    <field>
+        <id>unbound.advanced.hideidentity</id>
+        <label>Hide Identity</label>
+        <type>checkbox</type>
+        <help>If enabled, id.server and hostname.bind queries are refused.</help>
+    </field>
+    <field>
+        <id>unbound.advanced.hideversion</id>
+        <label>Hide Version</label>
+        <type>checkbox</type>
+        <help>If enabled, version.server and version.bind queries are refused.</help>
+    </field>
+    <field>
+        <id>unbound.advanced.prefetch</id>
+        <label>Prefetch Support</label>
+        <type>checkbox</type>
+        <help>
+            Message cache elements are prefetched before they expire to help keep the cache up to date.
+            When enabled, this option can cause an increase of around 10% more DNS traffic and load
+            on the server, but frequently requested items will not expire from the cache.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.prefetchkey</id>
+        <label>Prefetch DNS Key Support</label>
+        <type>checkbox</type>
+        <help>
+            DNSKEYs are fetched earlier in the validation process when a Delegation signer is encountered.
+            This helps lower the latency of requests but does utilize a little more CPU.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.dnssecstripped</id>
+        <label>Harden DNSSEC Data</label>
+        <type>checkbox</type>
+        <help>
+            DNSSEC data is required for trust-anchored zones. If such data is absent, the zone becomes bogus.
+            If this is disabled and no DNSSEC data is received, then the zone is made insecure.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.serveexpired</id>
+        <label>Serve Expired Responses</label>
+        <type>checkbox</type>
+        <help>
+            Serve expired responses from the cache with a TTL of 0 without waiting for the actual resolution to finish.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.qnameinstrict</id>
+        <label>Strict QNAME Minimisation</label>
+        <type>checkbox</type>
+        <help>
+            Send minimum amount of information to upstream servers to enhance privacy.
+            Do not fall-back to sending full QNAME to potentially broken nameservers.
+            A lot of domains will not be resolvable when this option in enabled.
+            Only use if you know what you are doing.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.extendedstatistics</id>
+        <label>Extended Statistics</label>
+        <type>checkbox</type>
+        <help>If enabled, extended statistics are printed.</help>
+    </field>
+    <field>
+        <id>unbound.advanced.logqueries</id>
+        <label>Log Queries</label>
+        <type>checkbox</type>
+        <help>
+            If enabled, prints one line per query to the log, with the log timestamp and IP address, name, type and class.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.msgcachesize</id>
+        <label>Message Cache Size</label>
+        <type>dropdown</type>
+        <help>
+            Size of the message cache. The message cache stores DNS rcodes and validation statuses.
+            The RRSet cache will automatically be set to twice this amount. The RRSet cache contains the actual RR data.
+            The default is 4 megabytes.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.outgoingnumtcp</id>
+        <label>Outgoing TCP Buffers</label>
+        <type>dropdown</type>
+        <help>
+            The number of outgoing TCP buffers to allocate per thread. The default value is 10.
+            If 0 is selected then no TCP queries, to authoritative servers, are done.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.incomingnumtcp</id>
+        <label>Incoming TCP Buffers</label>
+        <type>dropdown</type>
+        <help>
+            The number of incoming TCP buffers to allocate per thread. The default value is 10.
+            If 0 is selected then no TCP queries, from clients, are accepted.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.numqueriesperthread</id>
+        <label>Number of queries per thread</label>
+        <type>dropdown</type>
+        <help>
+            The number of queries that every thread will service simultaneously. If more queries arrive that
+            need to be serviced, and no queries can be jostled, then these queries are dropped.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.jostletimeout</id>
+        <label>Jostle Timeout</label>
+        <type>dropdown</type>
+        <help>
+            This timeout is used for when the server is very busy. This protects against denial of service by
+            slow queries or high query rates. The default value is 200 milliseconds.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.cachemaxttl</id>
+        <label>Maximum TTL for RRsets and messages</label>
+        <type>text</type>
+        <help>
+            Configure a maximum Time to live for RRsets and messages in the cache.
+            The default is 86400 seconds (1 day). When the internal TTL expires the cache item is expired.
+            This can be configured to force the resolver to query for data more often and
+            not trust (very large) TTL values.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.cacheminttl</id>
+        <label>Minimum TTL for RRsets and messages</label>
+        <type>text</type>
+        <help>
+            Configure a minimum Time to live for RRsets and messages in the cache.
+            The default is 0 seconds. If the minimum value kicks in, the data is cached for longer than
+            the domain owner intended, and thus less queries are made to look up the data.
+            The 0 value ensures the data in the cache is as the domain owner intended.
+            High values can lead to trouble as the data in the cache might not match up with the actual data anymore.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.infrahostttl</id>
+        <label>TTL for Host Cache entries</label>
+        <type>dropdown</type>
+        <help>
+            Time to live for entries in the host cache. The host cache contains roundtrip timing and EDNS
+            support information. The default is 15 minutes.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.infracachenumhosts</id>
+        <label>Number of Hosts to cache</label>
+        <type>dropdown</type>
+        <help>
+            Number of hosts for which information is cached. The default is 10000.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.unwantedreplythreshold</id>
+        <label>Unwanted Reply Threshold</label>
+        <type>dropdown</type>
+        <help>
+            If enabled, a total number of unwanted replies is kept track of in every thread.
+            When it reaches the threshold, a defensive action is taken and a warning is printed to the log file.
+            This defensive action is to clear the RRSet and message caches, hopefully flushing away any poison.
+            The default is disabled, but if enabled a value of 10 million is suggested.
+        </help>
+    </field>
+    <field>
+        <id>unbound.advanced.logverbosity</id>
+        <label>Log Level Verbosity</label>
+        <type>dropdown</type>
+        <help>
+            Select the log verbosity. Level 0 means no verbosity, only errors. Level 1 gives operational information.
+            Level 2 gives detailed operational information. Level 3 gives query level information, output per query.
+            Level 4 gives algorithm level information. Level 5 logs client identification for cache misses.
+            Default is level 1.
+        </help>
+    </field>
+</form>
\ No newline at end of file
diff --git a/src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml b/src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
index 21e92392e..27ca5d690 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
@@ -14,7 +14,8 @@
     <page-services-dnsresolver-advanced>
         <name>Services: Unbound DNS: Advanced</name>
         <patterns>
-            <pattern>services_unbound_advanced.php*</pattern>
+            <pattern>ui/unbound/advanced/*</pattern>
+            <pattern>api/unbound/advanced/*</pattern>
         </patterns>
     </page-services-dnsresolver-advanced>
     <page-services-dnsresolver-overrides>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml
index 6c4af6003..84f708975 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml
@@ -3,7 +3,7 @@
         <Unbound VisibleName="Unbound DNS" cssClass="fa fa-tags fa-fw">
             <General order="10" url="/services_unbound.php"/>
             <Overrides order="20" url="/ui/unbound/overrides/"/>
-            <Advanced order="30" url="/services_unbound_advanced.php"/>
+            <Advanced order="30" url="/ui/unbound/advanced/"/>
             <ACL VisibleName="Access Lists" order="40" url="/services_unbound_acls.php">
                 <All url="/services_unbound_acls.php*" visibility="hidden"/>
             </ACL>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
index 992638a1b..1a9a62162 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
@@ -6,6 +6,155 @@
         <service_enabled type="LegacyLinkField">
             <Source>unbound.enable</Source>
         </service_enabled>
+        <advanced>
+            <hideidentity type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </hideidentity>
+            <hideversion type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </hideversion>
+            <prefetch type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </prefetch>
+            <prefetchkey type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </prefetchkey>
+            <dnssecstripped type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </dnssecstripped>
+            <serveexpired type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </serveexpired>
+            <qnameinstrict type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </qnameinstrict>
+            <extendedstatistics type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </extendedstatistics>
+            <logqueries type="BooleanField">
+                <default>0</default>
+                <Required>N</Required>
+            </logqueries>
+            <msgcachesize type="OptionField">
+                <Required>N</Required>
+                <default>opt1</default>
+                <OptionValues>
+                    <opt1 value="4">4 MB</opt1>
+                    <opt2 value="10">10 MB</opt2>
+                    <opt3 value="20">20 MB</opt3>
+                    <opt4 value="50">50 MB</opt4>
+                    <opt5 value="100">100 MB</opt5>
+                    <opt6 value="250">250 MB</opt6>
+                    <opt7 value="512">512 MB</opt7>
+                </OptionValues>
+            </msgcachesize>
+            <outgoingnumtcp type="OptionField">
+                <Required>N</Required>
+                <default>opt2</default>
+                <OptionValues>
+                    <opt1 value="0">0</opt1>
+                    <opt2 value="10">10</opt2>
+                    <opt3 value="20">20</opt3>
+                    <opt4 value="30">30</opt4>
+                    <opt5 value="40">40</opt5>
+                    <opt6 value="50">50</opt6>
+                </OptionValues>
+            </outgoingnumtcp>
+            <incomingnumtcp type="OptionField">
+                <Required>N</Required>
+                <default>opt2</default>
+                <OptionValues>
+                    <opt1 value="0">0</opt1>
+                    <opt2 value="10">10</opt2>
+                    <opt3 value="20">20</opt3>
+                    <opt4 value="30">30</opt4>
+                    <opt5 value="40">40</opt5>
+                    <opt6 value="50">50</opt6>
+                </OptionValues>
+            </incomingnumtcp>
+            <numqueriesperthread type="OptionField">
+                <Required>N</Required>
+                <default>opt4</default>
+                <OptionValues>
+                    <opt1 value="512">512</opt1>
+                    <opt2 value="1024">1024</opt2>
+                    <opt3 value="2048">2048</opt3>
+                    <opt4 value="4096">4096</opt4>
+                    <opt5 value="8192">8192</opt5>
+                </OptionValues>
+            </numqueriesperthread>
+            <jostletimeout type="OptionField">
+                <Required>N</Required>
+                <default>opt2</default>
+                <OptionValues>
+                    <opt1 value="100">100</opt1>
+                    <opt2 value="200">200</opt2>
+                    <opt3 value="500">500</opt3>
+                    <opt4 value="1000">1000</opt4>
+                </OptionValues>
+            </jostletimeout>
+            <cachemaxttl type="NumericField">
+                <Required>N</Required>
+                <default>86400</default>
+            </cachemaxttl>
+            <cacheminttl type="NumericField">
+                <Required>N</Required>
+                <default>0</default>
+            </cacheminttl>
+            <infrahostttl type="OptionField">
+                <Required>N</Required>
+                <default>opt5</default>
+                <OptionValues>
+                    <opt1 value="60">1 minute</opt1>
+                    <opt2 value="120">2 minutes</opt2>
+                    <opt3 value="300">5 minutes</opt3>
+                    <opt4 value="600">10 minutes</opt4>
+                    <opt5 value="900">15 minutes</opt5>
+                </OptionValues>
+            </infrahostttl>
+            <infracachenumhosts type="OptionField">
+                <Required>N</Required>
+                <default>opt3</default>
+                <OptionValues>
+                    <opt1 value="1000">1000</opt1>
+                    <opt2 value="5000">5000</opt2>
+                    <opt3 value="10000">10000</opt3>
+                    <opt4 value="20000">20000</opt4>
+                    <opt5 value="50000">50000</opt5>
+                </OptionValues>
+            </infracachenumhosts>
+            <unwantedreplythreshold type="OptionField">
+                <Required>N</Required>
+                <BlankDesc>Disabled</BlankDesc>
+                <OptionValues>
+                    <opt1 value="5000000">5 million</opt1>
+                    <opt2 value="10000000">10 million</opt2>
+                    <opt3 value="20000000">20 million</opt3>
+                    <opt4 value="40000000">40 million</opt4>
+                    <opt5 value="50000000">50 million</opt5>
+                </OptionValues>
+            </unwantedreplythreshold>
+            <logverbosity type="OptionField">
+                <Required>N</Required>
+                <default>opt2</default>
+                <OptionValues>
+                    <opt1 value="0">Level 0</opt1>
+                    <opt2 value="1">Level 1</opt2>
+                    <opt3 value="2">Level 2</opt3>
+                    <opt4 value="3">Level 3</opt4>
+                    <opt5 value="4">Level 4</opt5>
+                    <opt6 value="5">Level 5</opt6>
+                </OptionValues>
+            </logverbosity>
+        </advanced>
         <dnsbl>
             <enabled type="BooleanField">
                 <default>0</default>
diff --git a/src/opnsense/mvc/app/views/OPNsense/Unbound/advanced.volt b/src/opnsense/mvc/app/views/OPNsense/Unbound/advanced.volt
new file mode 100755
index 000000000..68c71bb75
--- /dev/null
+++ b/src/opnsense/mvc/app/views/OPNsense/Unbound/advanced.volt
@@ -0,0 +1,53 @@
+{#
+ # Copyright (c) 2022 Deciso B.V.
+ # All rights reserved.
+ #
+ # Redistribution and use in source and binary forms, with or without modification,
+ # are permitted provided that the following conditions are met:
+ #
+ # 1. Redistributions of source code must retain the above copyright notice,
+ #    this list of conditions and the following disclaimer.
+ #
+ # 2. Redistributions in binary form must reproduce the above copyright notice,
+ #    this list of conditions and the following disclaimer in the documentation
+ #    and/or other materials provided with the distribution.
+ #
+ # THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ # AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ # AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ # POSSIBILITY OF SUCH DAMAGE.
+ #}
+
+<script>
+    $( document ).ready(function() {
+        var data_get_map = {'frm_AdvancedSettings':"/api/unbound/settings/get"};
+        mapDataToFormUI(data_get_map).done(function(data) {
+           //formatTokenizersUI();
+           $('.selectpicker').selectpicker('refresh');
+           console.log(data);
+        });
+
+        $("#reconfigureAct").SimpleActionButton();
+
+        updateServiceControlUI('unbound');
+    });
+</script>
+
+<div class="content-box" style="padding-bottom: 1.5em;">
+{{ partial("layout_partials/base_form",['fields':advancedForm,'id':'frm_AdvancedSettings'])}}
+    <div class="col-md-12">
+        <hr/>
+        <button class="btn btn-primary" id="reconfigureAct"
+                data-endpoint='/api/unbound/service/reconfigure'
+                data-label="{{ lang._('Apply') }}"
+                data-error-title="{{ lang._('Error reconfiguring unbound') }}"
+                type="button">
+        </button>
+    </div>
+</div>
diff --git a/src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS b/src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS
index d0234382e..8ed7bc632 100644
--- a/src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/Unbound/core/+TARGETS
@@ -1,3 +1,4 @@
+advanced.conf:/var/unbound/advanced.conf
 blocklists.conf:/tmp/unbound-blocklists.conf
 dot.conf:/usr/local/etc/unbound.opnsense.d/dot.conf
 private_domains.conf:/var/unbound/private_domains.conf
diff --git a/src/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf b/src/opnsense/service/templates/OPNsense/Unbound/core/advanced.conf
new file mode 100755
index 000000000..e69de29bb