unbound: restore dot-dns0-quad9.conf with IPv4 for DNS0 & IPv6 for Quad9 ECS

This partially reverts commit 422ab0de4e

etc/unbound/unbound.conf.d/dot-dns0-quad9.conf

@@ -0,0 +1,34 @@
+# This is a merging of dot-dns0.conf & dot-quad9.conf with weight on DNS0
+# IPv4 and when using IPv6, Quad9 Secure with ECS. IPv6 private ECS is
+# horribly inaccurate and I have minor leaning towards having ECS enabled.
+# Private ECS is a compromise between privacy and local destinations.
+#
+# Both are filtering DNS servers, so this brings risk of something being
+# blocked by only one of them. However both are non-profits and have servers
+# in Finland.
+
+server:
+	# Debian ca-certificates location
+	#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	# Fedora
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	# Use system certificates no matter where they are
+	tls-system-cert: yes
+	# Quad9 says pointless performance impact on forwarders.
+	# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
+	qname-minimisation: no
+	# Private ECS is more accurate with IPv4 than IPv6.
+	prefer-ip4: yes
+	prefer-ip6: no
+
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+## DNS0.eu IPv4 Default
+	forward-addr: 193.110.81.0@853#dns0.eu
+	forward-addr: 185.253.5.0@853#dns0.eu
+## Quad9 IPv6 Secure + ECS
+	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	forward-addr: 2620:fe::11@853#dns11.quad9.net
+
+# vim: filetype=unbound.conf