unbound: add dns64-over-tls.conf (broken for now)

2019-08-25 18:16:51 +03:00 · 2019-08-25 18:16:51 +03:00 · 41644a9b65
parent 6308c9af72
commit 41644a9b65
1 changed files with 20 additions and 0 deletions
--- a/etc/unbound/unbound.conf.d/dns64-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns64-over-tls.conf
@ -0,0 +1,20 @@
+# NOTE: Read dns-over-tls.conf! This is only for IPv6-only hosts which
+# are currently rare. And this is more of a placeholder.
+
+server:
+  # Debian ca-certificates location
+  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+  # ctrl.blog says this is the Fedora location
+  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+
+# Forward queries to
+forward-zone:
+    name: "."
+    forward-tls-upstream: yes
+
+    # Google DNS64 for 64:ff9b::/96
+    # As of 2019-08-25 this doesn't seem to actually be working, but I hope
+    # Google will fix it by the time I actually have IPv6 only hosts and
+    # there will be not-Google options.
+    forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
+    forward-addr: 2001:4860:4860::64@853#dns64.dns.google