etc/systemd-resolved&unbound: add Quad9 ECS configs
Untested. The last time I saw the documentation, they didn't mention DoT.
parent
1467454284
commit
1e70d7d4d7
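--- a/etc/systemd/resolved.conf.d/quad9-ecs-compat.conf
+++ b/etc/systemd/resolved.conf.d/quad9-ecs-compat.conf
@@ -0,0 +1,7 @@
+# Quad9 with client subnet / systemd-resolved. For non-tech people? See README.md
+[Resolve]
+DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net
+Domains=~.
+DNSSEC=allow-downgrade
+DNSOverTLS=opportunistic
+Cache=true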
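Review bot: `DNSOverTLS=opportunistic` combined with `DNSSEC=allow-downgrade` gives no protection against an on-path attacker, and the header comment does not say so. systemd-resolved documents opportunistic mode as open to a downgrade to plaintext, and as far as I know the `#dns11.quad9.net` name is not used to reject a bad certificate in that mode. I would add a comment such as `# Opportunistic DoT/DNSSEC: protects against passive observers only; use quad9-ecs-strict.conf on untrusted networks`. Separately, none of the three new files says that the .11 addresses enable EDNS Client Subnet, which passes part of the client's address on to authoritative servers; one comment line stating that trade-off would help here, in quad9-ecs-strict.conf and in dot-quad9-ecs.conf.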
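--- a/etc/systemd/resolved.conf.d/quad9-ecs-strict.conf
+++ b/etc/systemd/resolved.conf.d/quad9-ecs-strict.conf
@@ -0,0 +1,8 @@
+# Quad9 with client subnet / systemd-resolved. For people who don't panic when DNSSEC or
+# DoT doesn't work and captive portals attack? See README.md
+[Resolve]
+DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net
+Domains=~.
+DNSSEC=true
+DNSOverTLS=true
+Cache=true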
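--- a/etc/unbound/unbound.conf.d/dot-quad9-ecs.conf
+++ b/etc/unbound/unbound.conf.d/dot-quad9-ecs.conf
@@ -0,0 +1,13 @@
+server:
+# Debian ca-certificates location
+tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+# ctrl.blog says this is the Fedora location
+#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+
+forward-zone:
+name: "."
+forward-tls-upstream: yes
+forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+forward-addr: 9.9.9.11@853#dns11.quad9.net
+forward-addr: 2620:fe::11@853#dns11.quad9.net
+forward-addr: 149.112.112.11@853#dns11.quad9.net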
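Review bot: This file has no header comment, unlike the two resolved.conf drop-ins, so nothing tells a reader that it forwards the root zone to Quad9's ECS service over DoT or how the upstream is authenticated. I would open it with `# Quad9 with client subnet over DoT / unbound. The #dns11.quad9.net suffix is the name checked against tls-cert-bundle`. The certificate check depends on `tls-cert-bundle` pointing at a file that exists on the host, so the comment above the two bundle lines should say that exactly one of them must be active and must match the distribution. Since the commit message says the change is untested, it is worth confirming on a Debian host that a forwarder presenting a different certificate name is refused.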