From 06725e39c6ba65d5ad1bf5ac0e8cc2989d10b235 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Mon, 21 Apr 2025 08:59:19 +0300
Subject: [PATCH] unbound: add dot-dns0-quad9.conf again
---
.../unbound.conf.d/dot-dns0-quad9.conf | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 etc/unbound/unbound.conf.d/dot-dns0-quad9.conf
diff --git a/etc/unbound/unbound.conf.d/dot-dns0-quad9.conf b/etc/unbound/unbound.conf.d/dot-dns0-quad9.conf
new file mode 100644
index 00000000..02e77f76
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-dns0-quad9.conf
@@ -0,0 +1,35 @@
+# For those who really cannot choose between DNS0.eu and Quad9. At least the
+# latter has a nice non-standard port. Climate and distance take priority,
+# thus ECS, but with any luck DNS0 gets preferred and no attacker fingerprints
+# DNS resolvers used.
+
+server:
+ # Debian ca-certificates location
+ #tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+ # Fedora
+ #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+ # Use system certificates no matter where they are
+ tls-system-cert: yes
+ # Quad9 says pointless performance impact on forwarders.
+ # https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
+ qname-minimisation: no
+
+forward-zone:
+ name: "."
+ forward-tls-upstream: yes
+ forward-addr: 2a0f:fc80::@853#dns0.eu
+ forward-addr: 193.110.81.0@853#dns0.eu
+ forward-addr: 2a0f:fc81::@853#dns0.eu
+ forward-addr: 185.253.5.0@853#dns0.eu
+ ## Quad9 Secure
+ #forward-addr: 2620:fe::fe@8853#dns.quad9.net
+ #forward-addr: 2620:fe::9@8853#dns.quad9.net
+ #forward-addr: 9.9.9.9@8853#dns.quad9.net
+ #forward-addr: 149.112.112.112@8853#dns.quad9.net
+ ## Quad9 Secure + ECS
+ forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
+ forward-addr: 9.9.9.11@8853#dns11.quad9.net
+ forward-addr: 2620:fe::11@8853#dns11.quad9.net
+ forward-addr: 149.112.112.11@8853#dns11.quad9.net
+
+# vim: filetype=unbound.conf
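Review bot: Nothing in the `forward-zone` enforces the preference the header comment hopes for ("with any luck DNS0 gets preferred"): Unbound picks among the eight active `forward-addr` entries by measured round-trip time rather than by listing order, so a share of queries will reach the ECS-enabled `dns11.quad9.net` endpoints and the blocklist applied to a given name depends on which provider happens to answer. I would say so in the file, e.g. `# forward-addr order is not a preference; both providers receive queries, so filtering and ECS exposure vary per query`. Separately, with both `tls-cert-bundle` lines commented out, validation of the `#dns0.eu` and `#dns11.quad9.net` auth names rests entirely on `tls-system-cert: yes`. A short comment that this requires an Unbound build which honours the option on non-Windows systems, plus a check of the log after deployment that upstream certificates are actually being verified, would make that dependency explicit.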