mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-05 00:59:22 +01:00
unbound/dns-over-tls.conf: cut to 443 and private ECS capable non-filtering servers
This commit is contained in:
parent
d024ac1234
commit
34b4ffb8ac
@ -1,57 +1,29 @@
|
||||
# NOTE! Requires Unbound 1.7.3 or newer!
|
||||
# Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
|
||||
#
|
||||
# NOTE! You might also be interested in cache.conf, ipv6.conf and
|
||||
# threads.conf
|
||||
# You should already have qname-minimisation.conf and
|
||||
# root-auto-trust-anchor-file.conf at least on Debian.
|
||||
|
||||
server:
|
||||
# Debian ca-certificates location
|
||||
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
||||
# Fedora location
|
||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
|
||||
# Hopefully a reasonable set of non-filtering servers including those
|
||||
# listening on 443, preferably Anycast, but not necessarily.
|
||||
#
|
||||
# This list is mainly selfdogdfed on servers (so not being in Finland
|
||||
# is not a concern and local devices are using Mullvad (Adblock for own, nonfiltering
|
||||
# for shared family (need discount ads), Adguard filtered for 2006 print server)
|
||||
# (Also I cannot rename this file due to it being linked around))
|
||||
# This list is for my travel laptop to have at least one DoT443 server
|
||||
# which seems to be applied-privacy.net. They advice having multiple DoT servers
|
||||
# for redundancy and as they don't filter, it's best I use other non-filtering ones.
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
|
||||
# Quad9 - Anycast, Switzerland based
|
||||
# Non filtering "insecure" servers without DNSSEC, but that is done
|
||||
# by Unbound locally anyway.
|
||||
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
|
||||
forward-addr: 9.9.9.10@853#dns10.quad9.net
|
||||
forward-addr: 2620:fe::10@853#dns10.quad9.net
|
||||
forward-addr: 149.112.112.10@853#dns10.quad9.net
|
||||
|
||||
# Cloudflare DNS - anycast
|
||||
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
|
||||
## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
|
||||
## laptops?
|
||||
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
|
||||
#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
|
||||
#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
|
||||
forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
|
||||
forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
|
||||
|
||||
# Adguard DNS Unfiltered Anycast
|
||||
forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
|
||||
forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
|
||||
# https://www.dns0.eu/open https://www.dns0.eu/network - French based. Private ECS
|
||||
forward-addr: 193.110.81.254@853#open.dns0.eu
|
||||
forward-addr: 185.253.5.254@853#open.dns0.eu
|
||||
forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
|
||||
forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
|
||||
|
||||
# NextDNS - anycast
|
||||
forward-addr: 45.90.28.0@853#dns1.nextdns.io
|
||||
forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
|
||||
forward-addr: 45.90.30.0@853#dns2.nextdns.io
|
||||
forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
|
||||
# Adguard DNS Unfiltered Anycast. Malta based. Private ECS.
|
||||
forward-addr: 2a10:50c0::1:ff@853#unfiltered.adguard-dns.com
|
||||
forward-addr: 2a10:50c0::2:ff@853#unfiltered.adguard-dns.com
|
||||
forward-addr: 94.140.14.140@853#unfiltered.adguard-dns.com
|
||||
forward-addr: 94.140.14.141@853#unfiltered.adguard-dns.com
|
||||
|
Loading…
Reference in New Issue
Block a user