From 46ac8aefd82c8a6b4f70245e047c33ec07dab72e Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Fri, 12 Apr 2024 17:01:32 +0300
Subject: [PATCH] unbound: add dot-dns0-quad9.conf

---
 .../unbound.conf.d/dot-dns0-quad9.conf        | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 etc/unbound/unbound.conf.d/dot-dns0-quad9.conf

diff --git a/etc/unbound/unbound.conf.d/dot-dns0-quad9.conf b/etc/unbound/unbound.conf.d/dot-dns0-quad9.conf
new file mode 100644
index 00000000..56cf928d
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-dns0-quad9.conf
@@ -0,0 +1,47 @@
+# This is merging of dot-dns0.conf & dot-quad9.conf
+# Both are filtering DNS servers, so this brings risk of something being
+# blocked by only one of them. However both are non-profits and have servers
+# in Finland.
+# Another issue is DNS0 having private ECS, while Quad9 with ECS enabled is
+# not.
+
+server:
+	# Debian ca-certificates location
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	# Fedora
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+## DNS0.eu
+	# Default
+	forward-addr: 2a0f:fc80::@853#dns0.eu
+	forward-addr: 193.110.81.0@853#dns0.eu
+	forward-addr: 2a0f:fc81::@853#dns0.eu
+	forward-addr: 185.253.5.0@853#dns0.eu
+	# # Unfiltered
+	# forward-addr: 193.110.81.254@853#open.dns0.eu
+	# forward-addr: 185.253.5.254@853#open.dns0.eu
+	# forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
+	# forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
+	# # Heavier filtering
+	# forward-addr: 2a0f:fc80::9@853#zero.dns0.eu
+	# forward-addr: 193.110.81.9@853#zero.dns0.eu
+	# forward-addr: 2a0f:fc81::9@853#zero.dns0.eu
+	# forward-addr: 185.253.5.9@853#zero.dns0.eu
+
+## Quad9
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+	## Default
+	# forward-addr: 2620:fe::fe@853#dns.quad9.net
+	# forward-addr: 9.9.9.9@853#dns.quad9.net
+	# forward-addr: 2620:fe::9@853#dns.quad9.net
+	# forward-addr: 149.112.112.112@853#dns.quad9.net
+	## ECS
+	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	forward-addr: 9.9.9.11@853#dns11.quad9.net
+	forward-addr: 2620:fe::11@853#dns11.quad9.net
+	forward-addr: 149.112.112.11@853#dns11.quad9.net