From e4d691f2b111c47e942103bce9e7d88acfbe3988 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Tue, 7 May 2024 08:26:20 +0300
Subject: [PATCH] unbound: prefer IPv4 with private ECS using DoT servers
---
 etc/unbound/unbound.conf.d/.gitignore | 1 +
 etc/unbound/unbound.conf.d/dot-adguard.conf | 3 +++
 etc/unbound/unbound.conf.d/dot-dns0.conf | 3 +++
 etc/unbound/unbound.conf.d/dot-nextdns.conf | 1 +
 etc/unbound/unbound.conf.d/prefer-ip4.conf | 2 +-
 5 files changed, 9 insertions(+), 1 deletion(-)
 create mode 120000 etc/unbound/unbound.conf.d/dot-nextdns.conf
diff --git a/etc/unbound/unbound.conf.d/.gitignore b/etc/unbound/unbound.conf.d/.gitignore
index 1f659d9c..583e7ac8 100644
--- a/etc/unbound/unbound.conf.d/.gitignore
+++ b/etc/unbound/unbound.conf.d/.gitignore
@@ -1,2 +1,3 @@
+dot-nextdns.conf
 dot-trex.conf
 cache.conf
diff --git a/etc/unbound/unbound.conf.d/dot-adguard.conf b/etc/unbound/unbound.conf.d/dot-adguard.conf
index c5808004..f7b06756 100644
--- a/etc/unbound/unbound.conf.d/dot-adguard.conf
+++ b/etc/unbound/unbound.conf.d/dot-adguard.conf
@@ -8,6 +8,9 @@ server:
 # Quad9 says pointless performance impact on forwarders.
 # https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
 qname-minimisation: no
+ # Private ECS is more accurate with IPv4 than IPv6.
+ prefer-ip4: yes
+ prefer-ip6: no

 forward-zone:
 name: "."
diff --git a/etc/unbound/unbound.conf.d/dot-dns0.conf b/etc/unbound/unbound.conf.d/dot-dns0.conf
index fc20bdf7..404d1a5e 100644
--- a/etc/unbound/unbound.conf.d/dot-dns0.conf
+++ b/etc/unbound/unbound.conf.d/dot-dns0.conf
@@ -8,6 +8,9 @@ server:
 # Quad9 says pointless performance impact on forwarders.
 # https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
 qname-minimisation: no
+ # Private ECS is more accurate with IPv4 than IPv6.
+ prefer-ip4: yes
+ prefer-ip6: no

 forward-zone:
 name: "."
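Review bot: The `prefer-ip4: yes` / `prefer-ip6: no` pair added to the `server:` clause of dot-adguard.conf, and again in the dot-dns0.conf hunk after it, repeats what prefer-ip4.conf in the same directory already sets, so the choice now lives in three files and can drift. If the repetition is deliberate so that each DoT file works on its own, the comment should say so, e.g. `# Repeated from prefer-ip4.conf so this file is self-contained.` The statement that private ECS is more accurate over IPv4 carries no reference, unlike the Quad9 link two lines above it; a link to the provider's own description would let a reader re-check it, and the comment could note that a more accurate client subnet also gives authoritative servers a finer location hint. Whether the address-family preference has any effect depends on the `forward-addr` lines of the forward-zone, which are outside both hunks.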
diff --git a/etc/unbound/unbound.conf.d/dot-nextdns.conf b/etc/unbound/unbound.conf.d/dot-nextdns.conf
new file mode 120000
index 00000000..e2d2a617
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/dot-nextdns.conf
@@ -0,0 +1 @@
+dot-dns0.conf
\ No newline at end of file
diff --git a/etc/unbound/unbound.conf.d/prefer-ip4.conf b/etc/unbound/unbound.conf.d/prefer-ip4.conf
index fb5c5dce..e99a660c 100644
--- a/etc/unbound/unbound.conf.d/prefer-ip4.conf
+++ b/etc/unbound/unbound.conf.d/prefer-ip4.conf
@@ -1,7 +1,7 @@
 server:
 # Prefer IPv4 transport for sending DNS queries to internet nameservers.
 # The only case where I can imagine this being useful is when using
- # upstream nameserver with ECS anonymization that has more accurate IPv4
+ # upstream nameserver with ECS privatization that has more accurate IPv4
 # than IPv6 client-subnet.
 prefer-ip4: yes
 prefer-ip6: no
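Review bot: dot-nextdns.conf is committed as a symlink (mode 120000) by the same patch that adds `dot-nextdns.conf` to .gitignore, so the ignore entry does nothing for it once it is tracked and one of the two changes is probably unintended. The other ignored names (dot-trex.conf, cache.conf) look like per-host choices, which suggests the link was local state that slipped into the commit; `git rm --cached etc/unbound/unbound.conf.d/dot-nextdns.conf` would keep the local link and drop it from the tree. If it is meant to be tracked, its target is dot-dns0.conf, so a file named for one resolver forwards queries to the forwarders of another, which is easy to misread when auditing where DNS traffic goes; a comment in dot-dns0.conf or a clearer link name would help. A wildcard include of unbound.conf.d would also read the same `forward-zone` for "." twice through the link, which is worth confirming with `unbound-checkconf`.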