From 6f8c7de6af06ba134e7e01a78cd17054d91779fa Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Sun, 14 Mar 2021 21:00:32 +0200
Subject: [PATCH] unbound.conf.d: add 00-insecure-domains.conf (WiFi repeater
 config)

---
 .../unbound.conf.d/00-insecure-domains.conf     | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 etc/unbound/unbound.conf.d/00-insecure-domains.conf

diff --git a/etc/unbound/unbound.conf.d/00-insecure-domains.conf b/etc/unbound/unbound.conf.d/00-insecure-domains.conf
new file mode 100644
index 00000000..5a354c5b
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/00-insecure-domains.conf
@@ -0,0 +1,17 @@
+# Domains to be sent through plaintext DNS for getting hijacked by devices
+# that tend to cause headache.
+# Uses Google DNS, because I don't use it for anything else and don't plan
+# to for the foreseeable future, so it is easier to spot from logs.
+# Is it secure? Google likely also knows I have these devices on my network
+# thanks to Android.
+
+server:
+forward-zone:
+    name: "mywifiext.net"
+    forward-tls-upstream: no
+    forward-addr: 8.8.8.8
+
+forward-zone:
+    name: "tplinkrepeater.net"
+    forward-tls-upstream: no
+    forward-addr: 8.8.8.8