From a7ef548dab64f868eca9463cbaf769bbd12efa92 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Sat, 18 May 2024 16:06:54 +0300
Subject: [PATCH] {chromium,unbound}: experimental dot-private-ecs.conf
---
 etc/opt/chromium/policies/managed/.gitignore | 1 +
 .../policies/managed/doh-adguard-dns0.json | 1 +
 .../policies/managed/doh-private-ecs.json | 4 +++
 etc/unbound/unbound.conf.d/.gitignore | 1 +
 .../unbound.conf.d/dot-adguard-dns0.conf | 1 +
 .../unbound.conf.d/dot-private-ecs.conf | 29 +++++++++++++++++++
 6 files changed, 37 insertions(+)
 create mode 120000 etc/opt/chromium/policies/managed/doh-adguard-dns0.json
 create mode 100644 etc/opt/chromium/policies/managed/doh-private-ecs.json
 create mode 120000 etc/unbound/unbound.conf.d/dot-adguard-dns0.conf
 create mode 100644 etc/unbound/unbound.conf.d/dot-private-ecs.conf
diff --git a/etc/opt/chromium/policies/managed/.gitignore b/etc/opt/chromium/policies/managed/.gitignore
index a80f580c..09632249 100644
--- a/etc/opt/chromium/policies/managed/.gitignore
+++ b/etc/opt/chromium/policies/managed/.gitignore
@@ -1 +1,2 @@
 doh-cloudflare-secure.json
+doh-adguard-dns0.json
diff --git a/etc/opt/chromium/policies/managed/doh-adguard-dns0.json b/etc/opt/chromium/policies/managed/doh-adguard-dns0.json
new file mode 120000
index 00000000..be1bcd34
--- /dev/null
+++ b/etc/opt/chromium/policies/managed/doh-adguard-dns0.json
@@ -0,0 +1 @@
+doh-private-ecs.json
\ No newline at end of file
diff --git a/etc/opt/chromium/policies/managed/doh-private-ecs.json b/etc/opt/chromium/policies/managed/doh-private-ecs.json
new file mode 100644
index 00000000..7d6d70c9
--- /dev/null
+++ b/etc/opt/chromium/policies/managed/doh-private-ecs.json
@@ -0,0 +1,4 @@
+{
+ "DnsOverHttpsMode": "secure",
+ "DnsOverHttpsTemplates": "https://unfiltered.adguard-dns.com/dns-query https://open.dns0.eu/"
+}
diff --git a/etc/unbound/unbound.conf.d/.gitignore b/etc/unbound/unbound.conf.d/.gitignore
index 583e7ac8..25d9f945 100644
--- a/etc/unbound/unbound.conf.d/.gitignore
+++ b/etc/unbound/unbound.conf.d/.gitignore
@@ -1,3 +1,4 @@
 dot-nextdns.conf
 dot-trex.conf
 cache.conf
+dot-adguard-dns0.conf
diff --git a/etc/unbound/unbound.conf.d/dot-adguard-dns0.conf b/etc/unbound/unbound.conf.d/dot-adguard-dns0.conf
new file mode 120000
index 00000000..4290b259
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-adguard-dns0.conf
@@ -0,0 +1 @@
+dot-private-ecs.conf
\ No newline at end of file
diff --git a/etc/unbound/unbound.conf.d/dot-private-ecs.conf b/etc/unbound/unbound.conf.d/dot-private-ecs.conf
new file mode 100644
index 00000000..bc654a1f
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-private-ecs.conf
@@ -0,0 +1,29 @@
+server:
+ # Debian ca-certificates location
+ #tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+ # Fedora
+ #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+ # Use system certificates no matter where they are
+ tls-system-cert: yes
+ # Quad9 says pointless performance impact on forwarders.
+ # https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
+ qname-minimisation: no
+ # Private ECS is more accurate with IPv4 than IPv6.
+ prefer-ip4: yes
+ prefer-ip6: no
+# AdGuard Public DNS without filtering.
+forward-zone:
+ name: "."
+ forward-tls-upstream: yes
+ # AdGuard Public DNS without filtering
+ forward-addr: 2a10:50c0::1:ff@853#unfiltered.adguard-dns.com
+ forward-addr: 2a10:50c0::2:ff@853#unfiltered.adguard-dns.com
+ forward-addr: 94.140.14.140@853#unfiltered.adguard-dns.com
+ forward-addr: 94.140.14.141@853#unfiltered.adguard-dns.com
+ # DNS0.eu without filtering
+ forward-addr: 193.110.81.254@853#open.dns0.eu
+ forward-addr: 185.253.5.254@853#open.dns0.eu
+ forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
+ forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
+
+# vim: filetype=unbound.conf
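Review bot: Certificate verification of the `#unfiltered.adguard-dns.com` and `#open.dns0.eu` authentication names in the new dot-private-ecs.conf rests entirely on `tls-system-cert: yes`, because both `tls-cert-bundle` lines are commented out. As far as I know that option name is only recognised by newer Unbound releases (older ones spell it `tls-win-cert`), so it is worth running `unbound-checkconf` on each target host and recording the requirement next to the option, e.g. `# needs an Unbound that knows tls-system-cert; otherwise uncomment the tls-cert-bundle line for your distro`. The comment directly above `forward-zone:` names only AdGuard although the zone also forwards to DNS0.eu, which means two independent operators see the query stream; `# AdGuard Public DNS and DNS0.eu, both unfiltered` would describe the zone accurately. `forward-first` is left at its default, so a short comment stating that no fallback to unencrypted recursion is intended would make that choice explicit.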