From 885719f04790c664640fd81e43063d92786ad612 Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Sat, 11 May 2024 11:47:28 +0300 Subject: [PATCH] dns.md: add a missing link and correct its name --- n/dns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/n/dns.md b/n/dns.md index ffeb3a2..a541cf4 100644 --- a/n/dns.md +++ b/n/dns.md 
@@ -209,7 +209,7 @@ As the size and confusion this page induces to anyone else than me shows, I have - As I have to support devices going outside of the EU, I lean towards Quad9. - iOS (or Apple in general): same question, do the devices travel outside of the EU? Both provide configuration profiles. - While not noticing the DNS0.eu configuration profile is difficult, [Quad9 currently hides it a bit under docs.quad9.net iOS instructions](https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_%28Encrypted%29/). -- Personal computers: I have reached the cursed conclusion of [using Unbound upstreams DNS0 for IPv4, Quad9 ECS for IPv6](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/unbound/unbound.conf.d/dot-dns0-quad9.conf) and [using the hosts file to point web browsers away from DNS0.eu IPv6](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/hosts/dns) using [IPv4 addresses expressed in IPv6](). +- Personal computers: I have reached the cursed conclusion of [using Unbound upstreams DNS0 for IPv4, Quad9 ECS for IPv6](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/unbound/unbound.conf.d/dot-dns0-quad9.conf) and [using the hosts file to point web browsers away from DNS0.eu IPv6](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/hosts/dns) using [IPv4 mapped IPv6 addresses](https://en.m.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses). - Especially the last part is cursed. - Yes, ECS has privacy concerns, however _theoretically_ it's only a fallback if IPv4 goes down (very rare, has happened for short periods of time in my experience), but the environment also weights my decision. See above on whether to ECS or not. 
- I hope to offset the risks of ECS by [not allowing TTLs below an hour](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/unbound/unbound.conf.d/min-ttl-hour.conf) so whether I have a tab open or not cannot be figured out from DNS traffic alone and somewhat relatedly [serve stale records if I must](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/unbound/unbound.conf.d/expired-stale-serving-rfc8767.conf).
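Review bot: the link added on the `+` "Personal computers" line points at the mobile host `en.m.wikipedia.org`; use `en.wikipedia.org` instead so the canonical page is linked regardless of the reader's device. The link text should also be hyphenated as "IPv4-mapped IPv6 addresses", matching the `#IPv4-mapped_IPv6_addresses` anchor it targets. Since the hosts-file workaround on this line depends on that address form, consider adding a short inline example of the notation next to the link so the reader does not have to follow it to understand the entry.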