diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md
index 653a3f836..fd971bc07 100644
--- a/net/unbound/files/README.md
+++ b/net/unbound/files/README.md
@@ -259,6 +259,10 @@ config unbound
     Boolean. If enabled version.server, version.bind, id.server, and
     hostname.bind queries are refused.
 
+  option interface_auto '0'
+    Boolean. If enabled DNS replies will have the same source address as
+    the request was sent to.
+
   option listen_port '53'
     Port. Incoming. Where Unbound will listen for queries.
 
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index 32a2e938a..5cc959b7f 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -36,6 +36,7 @@ UB_B_NTP_BOOT=1
 UB_B_QUERY_MIN=0
 UB_B_QRY_MINST=0
 UB_B_AUTH_ROOT=0
+UB_B_IF_AUTO=0
 
 UB_D_CONTROL=0
 UB_D_DOMAIN_TYPE=static
@@ -720,6 +721,11 @@ unbound_conf() {
   esac
 
 
+  if [ "$UB_B_IF_AUTO" -gt 0 ] ; then
+    echo "  interface-automatic: yes" >> $UB_CORE_CONF
+  fi
+
+
   case "$UB_D_RESOURCE" in
     # Tiny - Unbound's recommended cheap hardware config
     tiny)   rt_mem=1  ; rt_conn=2  ; rt_buff=1 ;;
@@ -1208,6 +1214,7 @@ unbound_uci() {
   config_get_bool UB_B_LOCL_BLCK  "$cfg" rebind_localhost 0
   config_get_bool UB_B_DNSSEC     "$cfg" validator 0
   config_get_bool UB_B_NTP_BOOT   "$cfg" validator_ntp 1
+  config_get_bool UB_B_IF_AUTO    "$cfg" interface_auto 0
 
   config_get UB_IP_DNS64    "$cfg" dns64_prefix "64:ff9b::/96"
 
diff --git a/net/unbound/files/unbound.uci b/net/unbound/files/unbound.uci
index 604c960aa..b75381f96 100644
--- a/net/unbound/files/unbound.uci
+++ b/net/unbound/files/unbound.uci
@@ -28,6 +28,7 @@ config unbound
 	option validator '0'
 	option validator_ntp '1'
 	option verbosity '1'
+	option interface_auto '0'
 	list trigger_interface 'lan'
 	list trigger_interface 'wan'
 	#list domain_insecure 'ntp.example.com'