unbound: prefer IPv4 with private ECS using DoT servers

2024-05-07 08:26:20 +03:00 · 2024-05-07 08:26:20 +03:00 · e4d691f2b1
parent afb0801430
commit e4d691f2b1
5 changed files with 9 additions and 1 deletions
--- a/etc/unbound/unbound.conf.d/.gitignore
+++ b/etc/unbound/unbound.conf.d/.gitignore
@ -1,2 +1,3 @@
+dot-nextdns.conf
 dot-trex.conf
 cache.conf
--- a/etc/unbound/unbound.conf.d/dot-adguard.conf
+++ b/etc/unbound/unbound.conf.d/dot-adguard.conf
@ -8,6 +8,9 @@ server:
 	# Quad9 says pointless performance impact on forwarders.
 	# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
 	qname-minimisation: no
+	# Private ECS is more accurate with IPv4 than IPv6.
+	prefer-ip4: yes
+	prefer-ip6: no

 forward-zone:
 	name: "."
--- a/etc/unbound/unbound.conf.d/dot-dns0.conf
+++ b/etc/unbound/unbound.conf.d/dot-dns0.conf
@ -8,6 +8,9 @@ server:
 	# Quad9 says pointless performance impact on forwarders.
 	# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
 	qname-minimisation: no
+	# Private ECS is more accurate with IPv4 than IPv6.
+	prefer-ip4: yes
+	prefer-ip6: no

 forward-zone:
 	name: "."
--- a/etc/unbound/unbound.conf.d/dot-nextdns.conf
+++ b/etc/unbound/unbound.conf.d/dot-nextdns.conf
@ -0,0 +1 @@
+dot-dns0.conf
--- a/etc/unbound/unbound.conf.d/prefer-ip4.conf
+++ b/etc/unbound/unbound.conf.d/prefer-ip4.conf
@ -1,7 +1,7 @@
 server:
 	# Prefer IPv4 transport for sending DNS queries to internet nameservers.
 	#  The only case where I can imagine this being useful is when using
-	#  upstream nameserver with ECS anonymization that has more accurate IPv4
+	#  upstream nameserver with ECS privatization that has more accurate IPv4
 	#  than IPv6 client-subnet.
 	prefer-ip4: yes
 	prefer-ip6: no