From 75731868e768cd0f132d9cdb058fbf0ed40e82e5 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen
Date: Fri, 11 Jun 2021 19:39:57 +0300
Subject: [PATCH] unbound/dns-over-tls.conf: allow non-Finnish anycast & note being used on servers
---
 etc/unbound/unbound.conf.d/dns-over-tls.conf | 29 ++++++++++----------
 1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/etc/unbound/unbound.conf.d/dns-over-tls.conf b/etc/unbound/unbound.conf.d/dns-over-tls.conf
index f9f4831d..86818f62 100644
--- a/etc/unbound/unbound.conf.d/dns-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns-over-tls.conf
@@ -9,19 +9,22 @@ server:
 # Debian ca-certificates location
 tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
- # ctrl.blog says this is the Fedora location
+ # Fedora location
 #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 # Hopefully a reasonable set of non-filtering servers including those
 # listening on 443, preferably Anycast, but not necessarily.
-# This isn't so huge list anymore as I consider its reasonability and didn't
-# selfdogfood it.
+#
+# This list is mainly selfdogdfed on servers (so not being in Finland
+# is not a concern and local devices are using Mullvad (Adblock for own, nonfiltering
+# for shared family (need discount ads), Adguard filtered for 2006 print server)
+# (Also I cannot rename this file due to it being linked around))
 forward-zone:
 name: "."
 forward-tls-upstream: yes
- # Quad9 - Anycast, USA based
+ # Quad9 - Anycast, Switzerland based
 # Non filtering "insecure" servers without DNSSEC, but that is done
 # by Unbound locally anyway.
 forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
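Review bot: The new comment block that states where this list is used is hard to follow: `selfdogdfed` is a typo, and the parentheses nest three deep across four lines, so it is unclear which resolver applies to which device group. This comment is the only statement of the file's intended scope (servers, not the local devices), so consider flattening it, starting with `# This list is mainly dogfooded on servers, so upstreams outside Finland are not a concern.` and then giving the local-device resolvers and the rename constraint one plain line each. The `server:` and `forward-zone:` blocks both continue outside the hunk.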
@@ -42,15 +45,13 @@ forward-zone:
 #forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
 # Adguard DNS Unfiltered Anycast
- # 2020-11-15: not in Finland, closest in Amsterdam/NL
- #forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
- #forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
- #forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
- #forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
+ forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
+ forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
+ forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
+ forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
 # NextDNS - anycast
- # 2020-11-15: not in Finland, closest in Stockholm/SE
- #forward-addr: 45.90.28.0@853#dns1.nextdns.io
- #forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
- #forward-addr: 45.90.30.0@853#dns2.nextdns.io
- #forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
+ forward-addr: 45.90.28.0@853#dns1.nextdns.io
+ forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
+ forward-addr: 45.90.30.0@853#dns2.nextdns.io
+ forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
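Review bot: The eight newly enabled `forward-addr` lines lose the only comment that explained their status, and nothing in the AdGuard or NextDNS groups now records why they are acceptable or that they add two more operators who will see this resolver's queries. Unbound picks among all forwarders of a zone by response time rather than treating later entries as fallbacks, so each enabled operator should be expected to receive a share of the traffic. A comment per group such as `# not in Finland (closest Amsterdam/NL); fine because this list is used on servers` would keep the location fact and state the decision. The `#dns-unfiltered.adguard.com` and `#dns1.nextdns.io` auth names are only checked when a CA bundle is loaded, and the first hunk shows only the Debian `tls-cert-bundle` path active, so a note that the Fedora line must be enabled on that distribution would help anyone reusing the file. The `forward-zone:` block starts outside this hunk.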