unbound/dns-over-tls.conf: allow non-Finnish anycast & note being used on servers

2021-06-11 19:39:57 +03:00 · 2021-06-11 19:39:57 +03:00 · 75731868e7
parent c210b2723e
commit 75731868e7
1 changed files with 15 additions and 14 deletions
--- a/etc/unbound/unbound.conf.d/dns-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns-over-tls.conf
@ -9,19 +9,22 @@
 server:
  # Debian ca-certificates location
  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+  # Fedora location
  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

 # Hopefully a reasonable set of non-filtering servers including those
 # listening on 443, preferably Anycast, but not necessarily.
-# This isn't so huge list anymore as I consider its reasonability and didn't
-# selfdogfood it.
+#
+# This list is mainly selfdogdfed on servers (so not being in Finland
+# is not a concern and local devices are using Mullvad (Adblock for own, nonfiltering
+# for shared family (need discount ads), Adguard filtered for 2006 print server)
+# (Also I cannot rename this file due to it being linked around))

 forward-zone:
    name: "."
    forward-tls-upstream: yes

-    # Quad9 - Anycast, USA based
+    # Quad9 - Anycast, Switzerland based
    # Non filtering "insecure" servers without DNSSEC, but that is done
    # by Unbound locally anyway.
    forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
@ -42,15 +45,13 @@ forward-zone:
    #forward-addr: 146.255.56.98@443#dot1.applied-privacy.net

    # Adguard DNS Unfiltered Anycast
-    # 2020-11-15: not in Finland, closest in Amsterdam/NL
-    #forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
-    #forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
-    #forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
-    #forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
+    forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
+    forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
+    forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
+    forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com

    # NextDNS - anycast
-    # 2020-11-15: not in Finland, closest in Stockholm/SE
-    #forward-addr: 45.90.28.0@853#dns1.nextdns.io
-    #forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
-    #forward-addr: 45.90.30.0@853#dns2.nextdns.io
-    #forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
+    forward-addr: 45.90.28.0@853#dns1.nextdns.io
+    forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
+    forward-addr: 45.90.30.0@853#dns2.nextdns.io
+    forward-addr: 2a07:a8c1::@853#dns2.nextdns.io