From cc5e7b72259930fb7adc59ede01414375e1119da Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Wed, 22 Feb 2023 10:58:04 +0200
Subject: [PATCH] unbound: add DNS0 & DNS0 zero DoT config

Resolves: #153
---
 etc/unbound/unbound.conf.d/dot-dns0-zero.conf | 13 +++++++++++++
 etc/unbound/unbound.conf.d/dot-dns0.conf      | 13 +++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 etc/unbound/unbound.conf.d/dot-dns0-zero.conf
 create mode 100644 etc/unbound/unbound.conf.d/dot-dns0.conf

diff --git a/etc/unbound/unbound.conf.d/dot-dns0-zero.conf b/etc/unbound/unbound.conf.d/dot-dns0-zero.conf
new file mode 100644
index 00000000..19374e0f
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-dns0-zero.conf
@@ -0,0 +1,13 @@
+server:
+	# Debian ca-certificates location
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	# ctrl.blog says this is the Fedora location
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+	forward-addr: 2a0f:fc80::9@853#zero.dns0.eu
+	forward-addr: 193.110.81.9@853#zero.dns0.eu
+	forward-addr: 2a0f:fc81::9@853#zero.dns0.eu
+	forward-addr: 185.253.5.9@853#zero.dns0.eu
diff --git a/etc/unbound/unbound.conf.d/dot-dns0.conf b/etc/unbound/unbound.conf.d/dot-dns0.conf
new file mode 100644
index 00000000..e4ab5e46
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-dns0.conf
@@ -0,0 +1,13 @@
+server:
+	# Debian ca-certificates location
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	# ctrl.blog says this is the Fedora location
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+	forward-addr: 2a0f:fc80::@853#dns0.eu
+	forward-addr: 193.110.81.0@853#dns0.eu
+	forward-addr: 2a0f:fc81::@853#dns0.eu
+	forward-addr: 185.253.5.0@853#dns0.eu