From 4c41a4cb56c789f8b8115fdc4cb5a570ef6dd09f Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Sat, 10 Aug 2024 12:22:18 +0300
Subject: [PATCH] systemd-resolved & unbound: add google dns for when everything is broken and you just want connected

---
.../resolved.conf.d/10-dot-google.conf | 8 ++++++
etc/unbound/unbound.conf.d/dot-google.conf | 25 +++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 etc/systemd/resolved.conf.d/10-dot-google.conf
create mode 100644 etc/unbound/unbound.conf.d/dot-google.conf

diff --git a/etc/systemd/resolved.conf.d/10-dot-google.conf b/etc/systemd/resolved.conf.d/10-dot-google.conf
new file mode 100644
index 00000000..7e651c83
--- /dev/null
+++ b/etc/systemd/resolved.conf.d/10-dot-google.conf
@@ -0,0 +1,8 @@
+[Resolve]
+DNS=8.8.4.4#dns.google 8.8.8.8#dns.google 2001:4860:4860::8844#dns.google 2001:4860:4860::8888#dns.google
+# Google DNS64
+#DNS=2001:4860:4860::6464#dns64.dns.google 2001:4860:4860::64#dns64.dns.google
+DNSOverTLS=true
+Domains=~.
+DNSSEC=true
+# vim: filetype=systemd
diff --git a/etc/unbound/unbound.conf.d/dot-google.conf b/etc/unbound/unbound.conf.d/dot-google.conf
new file mode 100644
index 00000000..a3191f01
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-google.conf
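Review bot: In 10-dot-google.conf, `DNSOverTLS=true` and `DNSSEC=true` are both strict modes, so on a network that blocks port 853 or breaks DNSSEC this drop-in fails closed, which sits oddly with the commit's stated purpose of an emergency fallback. Failing closed is the safer behaviour, but it deserves a comment so nobody later swaps in `opportunistic` or `allow-downgrade`, which an on-path party can force down to unprotected DNS; for example `# Strict DoT and DNSSEC on purpose: lookups fail rather than downgrade`. As far as I know `DNS=` is additive across drop-ins, so if another file in resolved.conf.d also lists servers (not visible here), the lists are merged unless an empty `DNS=` resets them first.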
@@ -0,0 +1,25 @@
+server:
+ # Debian ca-certificates location
+ #tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+ # Fedora
+ #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+ # Use system certificates no matter where they are
+ tls-system-cert: yes
+ # Quad9 says pointless performance impact on forwarders.
+ # https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
+ qname-minimisation: no
+
+forward-zone:
+ name: "."
+ forward-tls-upstream: yes
+ # Google Public DNS
+ forward-addr: 2001:4860:4860::8844@853#dns.google
+ forward-addr: 2001:4860:4860::8888@853#dns.google
+ forward-addr: 8.8.4.4@853#dns.google
+ forward-addr: 8.8.8.8@853#dns.google
+
+ # Google DNS64
+ #forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
+ #forward-addr: 2001:4860:4860::64@853#dns64.dns.google
+
+# vim: filetype=unbound.conf
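Review bot: `qname-minimisation: no` sits under `server:`, so it applies to the whole Unbound instance rather than only to this forward zone. If any other zone on the host is resolved iteratively (nothing here shows whether one is), full query names would go to every authoritative server on the path. A comment such as `# global setting: only harmless while every zone is forwarded` would make that scope visible. Unlike the resolved drop-in, which sets `DNSSEC=true`, this file configures no validation, so DNSSEC answers are only checked if a trust anchor is defined elsewhere in the Unbound configuration; that dependency is worth stating in a comment next to the forward zone.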