shell-things/etc/unbound/unbound.conf.d/dns64-over-tls.conf

30 lines
1.1 KiB
Plaintext
Raw Normal View History

# NOTE: Read dns-over-tls.conf! This is only for IPv6-only hosts which
# are currently rare. And this is more of a placeholder.
server:
2023-02-21 18:08:54 +01:00
# Debian ca-certificates location
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
2023-02-21 18:08:54 +01:00
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Use system certificates no matter where they are
tls-system-cert: yes
# Quad9 says pointless performance impact on forwarders.
# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
qname-minimisation: no
# Forward queries to
forward-zone:
2023-02-21 18:08:54 +01:00
name: "."
forward-tls-upstream: yes
2023-02-21 18:08:54 +01:00
# Google DNS64 for 64:ff9b::/96
# As of 2019-08-25 this doesn't seem to actually be working, but I hope
# Google will fix it by the time I actually have IPv6 only hosts and
# there will be not-Google options.
#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
2019-08-25 17:27:11 +02:00
2023-02-21 18:08:54 +01:00
# Cloudflare for 64:ff9b::/96
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com