2019-08-25 17:16:51 +02:00
|
|
|
# NOTE: Read dns-over-tls.conf! This is only for IPv6-only hosts which
|
|
|
|
|
# are currently rare. And this is more of a placeholder.
|
|
|
|
|
|
|
|
|
|
server:
|
2023-02-21 18:08:54 +01:00
|
|
|
# Debian ca-certificates location
|
2024-04-17 15:01:38 +02:00
|
|
|
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
2024-05-14 14:07:11 +02:00
|
|
|
# Fedora
|
2023-02-21 18:08:54 +01:00
|
|
|
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
2024-04-17 15:01:38 +02:00
|
|
|
# Use system certificates no matter where they are
|
|
|
|
|
tls-system-cert: yes
|
|
|
|
|
# Quad9 says pointless performance impact on forwarders.
|
|
|
|
|
# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
|
|
|
|
|
qname-minimisation: no
|
2019-08-25 17:16:51 +02:00
|
|
|
|
|
|
|
|
# Forward queries to
|
|
|
|
|
forward-zone:
|
2023-02-21 18:08:54 +01:00
|
|
|
name: "."
|
|
|
|
|
forward-tls-upstream: yes
|
2019-08-25 17:16:51 +02:00
|
|
|
|
2023-02-21 18:08:54 +01:00
|
|
|
# Google DNS64 for 64:ff9b::/96
|
|
|
|
|
# As of 2019-08-25 this doesn't seem to actually be working, but I hope
|
|
|
|
|
# Google will fix it by the time I actually have IPv6 only hosts and
|
|
|
|
|
# there will be not-Google options.
|
|
|
|
|
#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
|
|
|
|
|
#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
|
2019-08-25 17:27:11 +02:00
|
|
|
|
2023-02-21 18:08:54 +01:00
|
|
|
# Cloudflare for 64:ff9b::/96
|
|
|
|
|
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
|
|
|
|
|
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
|
2024-04-19 08:14:32 +02:00
|
|
|
|
|
|
|
|
# vim: filetype=unbound.conf
|
