mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-29 06:29:36 +01:00
etc/systemd-resolved&unbound: add Quad9 ECS configs
Untested. The last time I saw the documentation, they didn't mention DoT.
This commit is contained in:
parent
1467454284
commit
1e70d7d4d7
7
etc/systemd/resolved.conf.d/quad9-ecs-compat.conf
Normal file
7
etc/systemd/resolved.conf.d/quad9-ecs-compat.conf
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# Quad9 with client subnet / systemd-resolved. For non-tech people? See README.md
|
||||||
|
[Resolve]
|
||||||
|
DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net
|
||||||
|
Domains=~.
|
||||||
|
DNSSEC=allow-downgrade
|
||||||
|
DNSOverTLS=opportunistic
|
||||||
|
Cache=true
|
8
etc/systemd/resolved.conf.d/quad9-ecs-strict.conf
Normal file
8
etc/systemd/resolved.conf.d/quad9-ecs-strict.conf
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# Quad9 with client subnet / systemd-resolved. For people who don't panic when DNSSEC or
|
||||||
|
# DoT doesn't work and captive portals attack? See README.md
|
||||||
|
[Resolve]
|
||||||
|
DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net
|
||||||
|
Domains=~.
|
||||||
|
DNSSEC=true
|
||||||
|
DNSOverTLS=true
|
||||||
|
Cache=true
|
13
etc/unbound/unbound.conf.d/dot-quad9-ecs.conf
Normal file
13
etc/unbound/unbound.conf.d/dot-quad9-ecs.conf
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
server:
|
||||||
|
# Debian ca-certificates location
|
||||||
|
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||||
|
# ctrl.blog says this is the Fedora location
|
||||||
|
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "."
|
||||||
|
forward-tls-upstream: yes
|
||||||
|
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
|
||||||
|
forward-addr: 9.9.9.11@853#dns11.quad9.net
|
||||||
|
forward-addr: 2620:fe::11@853#dns11.quad9.net
|
||||||
|
forward-addr: 149.112.112.11@853#dns11.quad9.net
|
Loading…
Reference in New Issue
Block a user