mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-23 03:39:22 +01:00
unbound/dns-over-tls.conf: major cleanup
This commit is contained in:
parent
b43a7c68e0
commit
c93034ba7f
@ -1,5 +1,3 @@
|
|||||||
# I am not confident using so huge list is a good idea, thus dot-*.conf's
|
|
||||||
|
|
||||||
# NOTE! Requires Unbound 1.7.3 or newer! Debian 9 has 1.6.0
|
# NOTE! Requires Unbound 1.7.3 or newer! Debian 9 has 1.6.0
|
||||||
# Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
|
# Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
|
||||||
#
|
#
|
||||||
@ -14,108 +12,31 @@ server:
|
|||||||
# ctrl.blog says this is the Fedora location
|
# ctrl.blog says this is the Fedora location
|
||||||
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||||
|
|
||||||
# Forward queries to
|
# Hopefully a reasonable set of non-filtering servers including those
|
||||||
|
# listening on 443, preferably Anycast, but not necessarily.
|
||||||
|
# This isn't so huge list anymore as I consider its reasonability and didn't
|
||||||
|
# selfdogfood it.
|
||||||
|
|
||||||
forward-zone:
|
forward-zone:
|
||||||
name: "."
|
name: "."
|
||||||
forward-tls-upstream: yes
|
forward-tls-upstream: yes
|
||||||
|
|
||||||
## DNS-over-TLS on port 443, no filtering
|
## DNS-over-TLS on port 443, no filtering
|
||||||
|
|
||||||
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
|
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
|
||||||
forward-addr: 37.252.185.232@443#dot1.appliedprivacy.net
|
forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
|
||||||
|
forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
|
||||||
# https://dnswarden.com/ - Germany
|
|
||||||
forward-addr: 2a01:4f8:1c1c:5e77::1@443#uncensored-dot.dnswarden.com
|
|
||||||
forward-addr: 2a01:4f8:1c1c:75b4::1@443#uncensored-dot.dnswarden.com
|
|
||||||
forward-addr: 116.203.35.255@443#uncensored-dot.dnswarden.com
|
|
||||||
forward-addr: 116.203.70.156@443#uncensored-dot.dnswarden.com
|
|
||||||
|
|
||||||
## DNS-over-TLS on port 853, no filtering
|
|
||||||
|
|
||||||
# CZ.NIC https://www.nic.cz/odvr/
|
|
||||||
forward-addr: 2001:148f:ffff::1@853#odvr.nic.cz
|
|
||||||
forward-addr: 2001:148f:fffe::1@853#odvr.nic.cz
|
|
||||||
forward-addr: 193.17.47.1@853#odvr.nic.cz
|
|
||||||
forward-addr: 185.43.135.1@853#odvr.nic.cz
|
|
||||||
|
|
||||||
# Lelux.fi Luxembourg
|
|
||||||
forward-addr: 2605:6400:30:f891::1@853#resolver2.lelux.fi
|
|
||||||
forward-addr: 104.244.79.229@853#resolver2.lelux.fi
|
|
||||||
|
|
||||||
# NixNet.xyz, Anycast
|
|
||||||
forward-addr: 198.251.90.114@853#uncensored.any.dns.nixnet.xyz
|
|
||||||
|
|
||||||
# Snopyta.org, Finland
|
|
||||||
forward-addr: 2a01:4f9:2a:1919::9301@853#fi.dot.dns.snopyta.org
|
|
||||||
forward-addr: 95.216.24.230@853#fi.dot.dns.snopyta.org
|
|
||||||
|
|
||||||
# uncensoreddns.org / censurfridns.dk - Anycast (Copenhagen?)
|
|
||||||
forward-addr: 2001:67c:28a4::@853#anycast.censurfridns.dk
|
|
||||||
forward-addr: 91.239.100.100@853#anycast.censurfridns.dk
|
|
||||||
|
|
||||||
# Cloudflare DNS - anycast
|
# Cloudflare DNS - anycast
|
||||||
# warning: for-profit business (and too big in my opinion), USA based
|
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||||
# my conscience demands me to comment it due to their thread to
|
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||||
# decentralization
|
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||||
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||||
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
|
||||||
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
|
||||||
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
|
||||||
|
|
||||||
# https://securedns.eu/ - The Netherlands
|
# Quad9 - Anycast, USA based
|
||||||
forward-addr: 2a03:b0c0:0:1010::e9a:3001@853#dot.securedns.eu
|
# Non filtering "insecure" servers without DNSSEC, but that is done
|
||||||
forward-addr: 146.185.167.43@853#dot.securedns.eu
|
# by Unbound locally anyway.
|
||||||
|
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
|
||||||
|
forward-addr: 9.9.9.10@853#dns10.quad9.net
|
||||||
|
forward-addr: 2620:fe::10@853#dns10.quad9.net
|
||||||
|
forward-addr: 149.112.112.10@853#dns10.quad9.net
|
||||||
|
|
||||||
## Malicious domain filtering
|
|
||||||
|
|
||||||
# Quad9 - warning: uncommenting others simultaneously will break
|
|
||||||
# malicious domain blocking. - Anycast, USA based
|
|
||||||
forward-addr: 2620:fe::fe@853#dns.quad9.net
|
|
||||||
forward-addr: 9.9.9.9@853#dns.quad9.net
|
|
||||||
forward-addr: 2620:fe::9@853#dns.quad9.net
|
|
||||||
forward-addr: 149.112.112.112@853#dns.quad9.net
|
|
||||||
|
|
||||||
# AdBlocking DNS
|
|
||||||
|
|
||||||
# AdGuard DNS - warning: for-profit business which task is to lie (to
|
|
||||||
# block ads) - anycast (Cyprus based)
|
|
||||||
#forward-addr: 176.103.130.130@853#dns.adguard.com
|
|
||||||
#forward-addr: 176.103.130.131@853#dns.adguard.com
|
|
||||||
|
|
||||||
# BlahDNS.com - uncommented due to 443, so even with blocked queries
|
|
||||||
# something might work on a restricted network
|
|
||||||
# Germany
|
|
||||||
forward-addr: 2a01:4f8:1c1c:6b4b::1@443#dot-de.blahdns.com
|
|
||||||
forward-addr: 159.69.198.101@443#dot-de.blahdns.com
|
|
||||||
# Yggdrasil
|
|
||||||
forward-addr: 201:742c:871d:24ef:c850:e1ff:41c7:12bc@443#dot-de.blahdns.com
|
|
||||||
# Finland
|
|
||||||
forward-addr: 2a01:4f9:c010:43ce::1@443#dot-fi.blahdns.com
|
|
||||||
forward-addr: 95.216.212.177@443#dot-fi.blahdns.com
|
|
||||||
# Yggdrasil
|
|
||||||
forward-addr: 200:37c8:cf4:4453:3692:5b98:c2db:9065@443#dot-fi.blahdns.com
|
|
||||||
# Japan
|
|
||||||
forward-addr: 2001:19f0:7001:3259:5400:02ff:fe71:0bc9@443#dot-jp.blahdns.com
|
|
||||||
forward-addr: 45.32.55.94@443#dot-jp.blahdns.com
|
|
||||||
# Yggdrasil
|
|
||||||
forward-addr: 202:f97c:46c8:d7b4:71f1:7e8b:2e64:353d@443#dot-jp.blahdns.com
|
|
||||||
|
|
||||||
# dnswarden.com - Germany
|
|
||||||
# note: short blacklist
|
|
||||||
#forward-addr: 2a01:4f8:1c1c:5e77::1@443#adblock-dot.dnswarden.com
|
|
||||||
#forward-addr: 2a01:4f8:1c1c:75b4::1@443#adblock-dot.dnswarden.com
|
|
||||||
#forward-addr: 116.203.35.255@443#adblock-dot.dnswarden.com
|
|
||||||
#forward-addr: 116.203.70.156@443#adblock-dot.dnswarden.com
|
|
||||||
|
|
||||||
# https://securedns.eu/ - The Netherlands
|
|
||||||
#forward-addr: 2a03:b0c0:0:1010::e9a:3001@853#ads-dot.securedns.eu
|
|
||||||
#forward-addr: 146.185.167.43@853#ads-dot.securedns.eu
|
|
||||||
|
|
||||||
## Hopefully in the future
|
|
||||||
|
|
||||||
# DNS.WATCH (German) - PROBLEM: NO DOT AS OF 2019-07-22 but in hope
|
|
||||||
# they will have it I am leaving these here.
|
|
||||||
#forward-addr: 2001:1608:10:25::1c04:b12f@853#resolver1.dns.watch
|
|
||||||
#forward-addr: 2001:1608:10:25::9249:d69b@853#resolver2.dns.watch
|
|
||||||
#forward-addr: 84.200.69.80@853#resolver1.dns.watch
|
|
||||||
#forward-addr: 84.200.70.40@853#resolver2.dns.watch
|
|
||||||
|
Loading…
Reference in New Issue
Block a user