diff --git a/daemon/README.rst b/daemon/README.rst
index 4fccf6f66eac9c06efe7fa08f2224d29d398fec5..a93dbd7b71fbfedc171d35472eba1041fee6d3c7 100644
--- a/daemon/README.rst
+++ b/daemon/README.rst
@@ -155,6 +155,8 @@ Configuration example
    -- 10MB cache
    cache.size = 10*MB
 
+.. tip:: There are more configuration examples in `etc/` directory for personal, ISP, company internal and resolver cluster use cases.
+
 Configuration syntax
 --------------------
 
diff --git a/doc/build.rst b/doc/build.rst
index bff2bbbedbc2ffb7991eb559a3ad31375bab5e22..9d0dccb882254649f0762e37b27fc6c19c689049 100644
--- a/doc/build.rst
+++ b/doc/build.rst
@@ -78,24 +78,6 @@ Most of the dependencies can be resolved from packages, here's an overview for s
 
    brew install pkg-config libuv luajit cmocka
 
-Getting Docker image
---------------------
-
-Docker images require only either Linux or a Linux VM (see boot2docker_ on OS X).
-
-.. code-block:: bash
-
-   $ docker run cznic/knot-resolver
-
-See the `Docker images`_ page for more information and options.
-You can hack on the container by changing the container entrypoint to shell like:
-
-.. code-block:: bash
-
-   $ docker run -it --entrypoint=/bin/bash cznic/knot-resolver
-
-.. tip:: You can build the Docker image yourself with ``docker build -t knot-resolver scripts``.
-
 Building from sources 
 ---------------------
 
@@ -151,7 +133,9 @@ The build system supports both DESTDIR_ and `amalgamated builds <https://www.sql
    $ make install DESTDIR=/tmp/stage # Staged install
    $ make all install AMALG=yes # Amalgamated build
 
-.. note:: Amalgamated build assembles everything in one source file and compiles it. It is useful for packages, as the compiler sees the whole program and is able to produce a smaller and faster binary. On the other hand, it complicates debugging.
+Amalgamated build assembles everything in one source file and compiles it. It is useful for packages, as the compiler sees the whole program and is able to produce a smaller and faster binary. On the other hand, it complicates debugging.
+
+.. tip:: There is a template for service file and AppArmor profile to help you kickstart the package.
 
 Default paths
 ~~~~~~~~~~~~~
@@ -231,6 +215,24 @@ is otherwise unable to find and load modules.
 
 Read the `documentation <deckard_doc>`_ for more information about requirements, how to run it and extend it.
 
+Getting Docker image
+--------------------
+
+Docker images require only either Linux or a Linux VM (see boot2docker_ on OS X).
+
+.. code-block:: bash
+
+   $ docker run cznic/knot-resolver
+
+See the `Docker images`_ page for more information and options.
+You can hack on the container by changing the container entrypoint to shell like:
+
+.. code-block:: bash
+
+   $ docker run -it --entrypoint=/bin/bash cznic/knot-resolver
+
+.. tip:: You can build the Docker image yourself with ``docker build -t knot-resolver scripts``.
+
 .. _Docker images: https://registry.hub.docker.com/u/cznic/knot-resolver
 .. _libuv: https://github.com/libuv/libuv
 .. _MSVC: https://msdn.microsoft.com/en-us/vstudio/hh386302.aspx
diff --git a/etc/config.cluster b/etc/config.cluster
new file mode 100644
index 0000000000000000000000000000000000000000..5be5c923ca4ca4f07058aee4bb254703191366f0
--- /dev/null
+++ b/etc/config.cluster
@@ -0,0 +1,46 @@
+-- Config file example useable for larger resolver farms
+-- In this case cache should be made as large as possible, and prefetching turned off
+-- as the resolver is busy most of the time.
+-- Alternative is using `etcd` as a configuration backend.
+-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration
+
+-- Listen on localhost and external interface
+net = { '127.0.0.1', '::1', '192.168.1.1' }
+
+-- Drop root privileges
+user('kresd', 'kresd')
+
+-- Auto-maintain root TA
+trust_anchors.file = 'root.keys'
+
+-- Large cache size, so we don't need to flush ever
+-- This can be larger than available RAM, least frequently accessed
+-- records will be paged out as long as there's enough disk space to back it
+cache.size = 100 * GB 
+
+-- Load Useful modules
+modules = {
+	'policy',   -- Block queries to local zones/bad sites
+	'cachectl', -- Cache control interface
+	'hints',    -- Load /etc/hosts and allow custom root hints
+	'stats',    -- Track internal statistics
+	graphite = { -- Send statistics to local InfluxDB
+		-- `worker.id` allows us to keep per-fork statistics
+		prefix = hostname()..worker.id,
+		-- Address of the Graphite/InfluxDB server
+		host = '192.168.1.2',
+	},
+	'redis',   -- Allow to use Redis as a cache backend
+}
+
+-- Use local root server copy for performance reasons
+hints.root({
+  ['j.root-servers.net.'] = { '192.168.1.4', '2001:503:c27::2:30', '192.58.128.30' }
+})
+
+-- Apply RPZ for all clients, default rule is DENY
+policy:add(policy.rpz(policy.DENY, 'blacklist.rpz'))
+
+-- Optional: use Redis/Memcached as a cache backend which may be distributed between nodes
+-- cache.storage = 'redis://127.0.0.1:6398'
+
diff --git a/etc/config.isp b/etc/config.isp
new file mode 100644
index 0000000000000000000000000000000000000000..4d6e9910bb9ed4986f2c7e4afa17b4bdbe0ff7b1
--- /dev/null
+++ b/etc/config.isp
@@ -0,0 +1,39 @@
+-- Config file example useable for multi-user ISP resolver
+-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration
+
+-- Listen on localhost and external interface
+net = { '127.0.0.1', '::1', '192.168.1.1' }
+
+-- Drop root privileges
+user('kresd', 'kresd')
+
+-- Auto-maintain root TA
+trust_anchors.file = 'root.keys'
+
+-- Large cache size, so we don't need to flush often
+-- This can be larger than available RAM, least frequently accessed
+-- records will be paged out
+cache.size = 4 * GB 
+
+-- Load Useful modules
+modules = {
+	'policy',   -- Block queries to local zones/bad sites
+	'view',     -- Views for certain clients
+	'cachectl', -- Cache control interface
+	'hints',    -- Load /etc/hosts and allow custom root hints
+	'stats',    -- Track internal statistics
+	graphite = { -- Send statistics to local InfluxDB
+		-- `worker.id` allows us to keep per-fork statistics
+		prefix = hostname()..worker.id,
+		-- Address of the Graphite/InfluxDB server
+		host = '192.168.1.2',
+	}
+}
+
+-- Block all `site.nl` for `10.0.0.0/24` subnet
+view:addr('10.0.0.0/24', policy.suffix(policy.DROP, {todname('site.nl')}))
+-- Force all clients from `192.168.2.0/24` to TCP
+view:addr('192.168.2.0/24', policy.all(policy.TC))
+-- Apply RPZ for all clients, default rule is DENY
+policy:add(policy.rpz(policy.DENY, 'blacklist.rpz'))
+
diff --git a/etc/config.personal b/etc/config.personal
new file mode 100644
index 0000000000000000000000000000000000000000..12881b13df33d318b8ab71891bd5f53d692534e8
--- /dev/null
+++ b/etc/config.personal
@@ -0,0 +1,25 @@
+-- Config file example useable for personal resolver.
+-- The goal is to have a validating resolver with tiny memory footprint,
+-- while actively tracking and refreshing frequent records to lower user latency.
+-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration
+
+-- Listen on localhost (default)
+-- net = { '127.0.0.1', '::1' }
+
+-- Drop root privileges
+user('kresd', 'kresd')
+
+-- Auto-maintain root TA
+trust_anchors.file = 'root.keys'
+
+-- Load Useful modules
+modules = {
+	'policy',   -- Block queries to local zones/bad sites
+	'cachectl', -- Cache control interface
+	'hints',    -- Load /etc/hosts and allow custom root hints
+	'stats',    -- Track internal statistics
+	'predict',  -- Prefetch expiring/frequent records
+}
+
+-- Smaller cache size
+cache.size = 10 * MB
diff --git a/etc/config.splitview b/etc/config.splitview
new file mode 100644
index 0000000000000000000000000000000000000000..ff26a09ad3aa4167b0abd4be95383bc91e526d28
--- /dev/null
+++ b/etc/config.splitview
@@ -0,0 +1,35 @@
+-- Config file with split-view for internal zone
+-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration
+
+-- Listen on localhost and external interface
+net = { '127.0.0.1', '::1', '192.168.1.1' }
+
+-- Drop root privileges
+user('kresd', 'kresd')
+
+-- Auto-maintain root TA
+trust_anchors.file = 'root.keys'
+
+-- Load Useful modules
+modules = {
+	'policy',   -- Block queries to local zones/bad sites
+	'cachectl', -- Cache control interface
+	'hints',    -- Load /etc/hosts and allow custom root hints
+	'stats',    -- Track internal statistics
+	graphite = { -- Send statistics to local InfluxDB
+		-- `worker.id` allows us to keep per-fork statistics
+		prefix = hostname()..worker.id,
+		-- Address of the Graphite/InfluxDB server
+		host = '192.168.1.2',
+	},
+	-- Use DNS64 with specified NAT64 address
+	dns64 = 'fe80::21b:77ff:0:0',
+}
+
+-- Large cache size, so we don't need to flush often
+-- This can be larger than available RAM, least frequently accessed
+-- records will be paged out
+cache.size = 4 * GB 
+
+-- Forward everything below `company.cz` to `192.168.1.3`
+policy:add(policy.suffix(policy.FORWARD('192.168.1.3'), {todname('company.cz')}))
diff --git a/etc/etc.mk b/etc/etc.mk
index 18ee2a0fc5ff1b060552e3d43acd13d1977ccf30..9c5b446eb93781c785ad15b5d9b7641302b0025c 100644
--- a/etc/etc.mk
+++ b/etc/etc.mk
@@ -1,4 +1,8 @@
-etc_SOURCES := icann-ca.pem
+etc_SOURCES := icann-ca.pem \
+	config.cluster \
+	config.isp \
+	config.personal \
+	config.splitview
 
 etc-install: $(DESTDIR)$(ETCDIR)
 	$(INSTALL) -m 0640 $(addprefix etc/,$(etc_SOURCES)) $(DESTDIR)$(ETCDIR)