diff --git a/etc/systemd/resolved.conf.d/10-dot-quad9.conf b/etc/systemd/resolved.conf.d/10-dot-quad9.conf
index 9c5eb4d3..52093bb2 100644
--- a/etc/systemd/resolved.conf.d/10-dot-quad9.conf
+++ b/etc/systemd/resolved.conf.d/10-dot-quad9.conf
@@ -3,17 +3,17 @@
 # encryption, but host a Quad9 node and giving these addresses instead.
 [Resolve]
 # Secure
-DNS=2620:fe::9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 9.9.9.9#dns.quad9.net
-DNS=[2620:fe::9]:8853#dns.quad9.net 149.112.112.112:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net 9.9.9.9:8853#dns.quad9.net
+#DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
+DNS=149.112.112.112#dns.quad9.net 9.9.9.9#dns.quad9.net 149.112.112.112:8853#dns.quad9.net 9.9.9.9:8853#dns.quad9.net
 # No Threat Blocking
-#DNS=2620:fe::10#dns10.quad9.net 149.112.112.10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net 9.9.9.10#dns10.quad9.net
-#DNS=[2620:fe::10]:8853#dns10.quad9.net 149.112.112.10:8853#dns10.quad9.net [2620:fe::fe:10]:8853#dns10.quad9.net 9.9.9.10:8853#dns10.quad9.net
+#DNS=2620:fe::10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net [2620:fe::10]:8853#dns10.quad9.net [2620:fe::fe:10]:8853#dns10.quad9.net
+#DNS=149.112.112.10#dns10.quad9.net 9.9.9.10#dns10.quad9.net 149.112.112.10:8853#dns10.quad9.net 9.9.9.10:8853#dns10.quad9.net
 # Secure + ECS
-#DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net
-#DNS=[2620:fe::11]:8853#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
+DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net
+#DNS=149.112.112.11#dns11.quad9.net 9.9.9.11#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
 # No Threat Blocking + ECS
-#DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net
-#DNS=9.9.9.12:8853#dns12.quad9.net 149.112.112.12:8853#dns12.quad9.net [2620:fe::12]:8853#dns12.quad9.net [2620:fe::fe:12]:8853#dns12.quad9.net
+DNS=2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net [2620:fe::12]:8853#dns12.quad9.net [2620:fe::fe:12]:8853#dns12.quad9.net
+DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 9.9.9.12:8853#dns12.quad9.net 149.112.112.12:8853#dns12.quad9.net
 #DNSOverTLS=true
 # vim: filetype=systemd
diff --git a/etc/unbound/unbound.conf.d/dns-over-tls.conf b/etc/unbound/unbound.conf.d/dns-over-tls.conf
index 7bb82bdc..f6690018 100644
--- a/etc/unbound/unbound.conf.d/dns-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns-over-tls.conf
@@ -42,21 +42,21 @@ forward-zone:
 forward-addr: 2606:1a40:1::@853#s0.freedns.controld.com
 # Quad9 unfiltered, anycast, no ECS, no DNSSEC (Unbound does that)
- forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
- forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
+ #forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
+ #forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
 forward-addr: 149.112.112.10@853#dns10.quad9.net
 forward-addr: 149.112.112.10@8853#dns10.quad9.net
- forward-addr: 2620:fe::10@853#dns10.quad9.net
- forward-addr: 2620:fe::10@8853#dns10.quad9.net
+ #forward-addr: 2620:fe::10@853#dns10.quad9.net
+ #forward-addr: 2620:fe::10@8853#dns10.quad9.net
 forward-addr: 9.9.9.10@853#dns10.quad9.net
 forward-addr: 9.9.9.10@8853#dns10.quad9.net
 # Quad9 unfiltered, anycast, ECS, no DNSSEC (Unbound does that)
- #forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
- #forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
+ forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
+ forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
 #forward-addr: 9.9.9.12@853#dns12.quad9.net
 #forward-addr: 9.9.9.12@8853#dns12.quad9.net
- #forward-addr: 2620:fe::12@853#dns12.quad9.net
- #forward-addr: 2620:fe::12@8853#dns12.quad9.net
+ forward-addr: 2620:fe::12@853#dns12.quad9.net
+ forward-addr: 2620:fe::12@8853#dns12.quad9.net
 #forward-addr: 149.112.112.12@853#dns12.quad9.net
 #forward-addr: 149.112.112.12@8853#dns12.quad9.net
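Review bot: In 10-dot-quad9.conf the active `DNS=` lines now span three Quad9 profiles at once — `dns.quad9.net` (Secure) on IPv4, `dns11.quad9.net` (Secure + ECS) on IPv6 and `dns12.quad9.net` (No Threat Blocking + ECS) on both families — so whether a lookup is threat-filtered, and whether a client subnet is forwarded upstream, depends on which server systemd-resolved happens to be using at the time. If the split is a deliberate per-address-family experiment, say so in a comment above the block, e.g. `# IPv4: filtered, no ECS; IPv6: ECS profiles (testing)`; otherwise keep a single profile active on both families and leave the dns12 lines commented. The same profile mixing appears in the unbound hunks of dns-over-tls.conf (IPv4 dns10 without ECS, IPv6 dns12 with ECS) and dot-quad9.conf (IPv4 dns.quad9.net, IPv6 dns11). `#DNSOverTLS=true` is still commented out in the trailing context, so the `:8853` entries and the `#dns.quad9.net` server names presumably rely on DNS-over-TLS being enabled in another drop-in; worth confirming.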
diff --git a/etc/unbound/unbound.conf.d/dot-quad9.conf b/etc/unbound/unbound.conf.d/dot-quad9.conf
index c5addfff..4d2f20cb 100644
--- a/etc/unbound/unbound.conf.d/dot-quad9.conf
+++ b/etc/unbound/unbound.conf.d/dot-quad9.conf
@@ -17,10 +17,10 @@ forward-zone:
 name: "."
 forward-tls-upstream: yes
 ## Secure
- forward-addr: 2620:fe::fe@853#dns.quad9.net
- forward-addr: 2620:fe::fe@8853#dns.quad9.net
- forward-addr: 2620:fe::9@853#dns.quad9.net
- forward-addr: 2620:fe::9@8853#dns.quad9.net
+ #forward-addr: 2620:fe::fe@853#dns.quad9.net
+ #forward-addr: 2620:fe::fe@8853#dns.quad9.net
+ #forward-addr: 2620:fe::9@853#dns.quad9.net
+ #forward-addr: 2620:fe::9@8853#dns.quad9.net
 forward-addr: 9.9.9.9@853#dns.quad9.net
 forward-addr: 9.9.9.9@8853#dns.quad9.net
 forward-addr: 149.112.112.112@853#dns.quad9.net
@@ -35,12 +35,12 @@ forward-zone:
 #forward-addr: 9.9.9.10@853#dns10.quad9.net
 #forward-addr: 9.9.9.10@8853#dns10.quad9.net
 ## Secure + ECS
- #forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
- #forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
+ forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+ forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
 #forward-addr: 9.9.9.11@853#dns11.quad9.net
 #forward-addr: 9.9.9.11@8853#dns11.quad9.net
- #forward-addr: 2620:fe::11@853#dns11.quad9.net
- #forward-addr: 2620:fe::11@8853#dns11.quad9.net
+ forward-addr: 2620:fe::11@853#dns11.quad9.net
+ forward-addr: 2620:fe::11@8853#dns11.quad9.net
 #forward-addr: 149.112.112.11@853#dns11.quad9.net
 #forward-addr: 149.112.112.11@8853#dns11.quad9.net
 ## No Threat Blocking + ECS
diff --git a/etc/unbound/unbound.conf.d/ecs.conf.sample b/etc/unbound/unbound.conf.d/ecs.conf.sample
index a40a196f..a7326d05 100644
--- a/etc/unbound/unbound.conf.d/ecs.conf.sample
+++ b/etc/unbound/unbound.conf.d/ecs.conf.sample
@@ -4,13 +4,13 @@ client-subnet-zone: "."
 #client-subnet-always-forward: yes
 # Send different subnet size
 #max-client-subnet-ipv6: "16"
-#max-client-subnet-ipv4: "48"
+max-client-subnet-ipv4: "0"
 # IP address to send as client subnet. Optionally /CIDR can be appended.
 #
 # These are actual Moi.fi IP addresses (dynamic, so they will likely
 # change very soon and thus kind of become "anonymized" :D)
-send-client-subnet: "82.203.160.208/17"
-send-client-subnet: "2001:14bb:653:a161:9d7b:be7a:1e40:ad7/29"
+#send-client-subnet: "82.203.160.208"
+send-client-subnet: "2001:14bb:653:a161:9d7b:be7a:1e40:ad7"
 # vim: filetype=unbound.conf
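Review bot: The `send-client-subnet` line left active in ecs.conf.sample is used as "the subnet to announce", but as I read unbound.conf(5) that option lists the upstream servers that should receive ECS; the address carried in the option comes from the querying client, truncated to `max-client-subnet-ipv4` / `max-client-subnet-ipv6`. With `client-subnet-zone: "."` (visible in the hunk header) ECS is sent for every zone anyway, so the privacy control that actually takes effect here is the prefix length: IPv4 is now `"0"`, while `#max-client-subnet-ipv6` stays commented and IPv6 clients would still expose Unbound's default prefix. If the intent is to send no client address bits, add `max-client-subnet-ipv6: "0"` next to the IPv4 line and correct the comment above `send-client-subnet`. Since this is a `.sample` file, a documentation address such as `2001:db8::1` would also be preferable to a real, full-length address.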