From 83d53b8c170f574826faf1f67d358dd429255700 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Wed, 15 May 2024 20:38:49 +0300
Subject: [PATCH] systemd-resolved/10-dot-cloudflare.conf: add malicious domain
 filtering and alternative SNI

---
 etc/systemd/resolved.conf.d/10-dot-cloudflare.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/etc/systemd/resolved.conf.d/10-dot-cloudflare.conf b/etc/systemd/resolved.conf.d/10-dot-cloudflare.conf
index 3cf78471..a092606a 100644
--- a/etc/systemd/resolved.conf.d/10-dot-cloudflare.conf
+++ b/etc/systemd/resolved.conf.d/10-dot-cloudflare.conf
@@ -1,5 +1,8 @@
 [Resolve]
-DNS=2606:4700:4700::1111#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com 1.1.1.1#cloudflare-dns.com
+# Unfiltered
+#DNS=2606:4700:4700::1111#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com 1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#one.one.one.one 1.1.1.1#one.one.one.one 1.0.0.1#one.one.one.one  2606:4700:4700::1001#one.one.one.one
+# Malicious domain filtering
+DNS=2606:4700:4700::1112#security.cloudflare-dns.com 2606:4700:4700::1002#security.cloudflare-dns.com 1.1.1.2#security.cloudflare-dns.com 1.0.0.2#security.cloudflare-dns.com
 #DNSOverTLS=true
 
 # vim: filetype=systemd