From e6696d22f643135220c0cd97fd5d4ccc140addfa Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Sat, 18 May 2024 15:51:13 +0300
Subject: [PATCH] Revert "unbound/dns-over-tls.conf: remove ECS and private
 ECS"

This reverts commit 78fa2b7b9ca4cbb09eb386fcf3693e0e354dc717.
---
 etc/unbound/unbound.conf.d/dns-over-tls.conf | 23 ++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/etc/unbound/unbound.conf.d/dns-over-tls.conf b/etc/unbound/unbound.conf.d/dns-over-tls.conf
index 97a4727d..7bb82bdc 100644
--- a/etc/unbound/unbound.conf.d/dns-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns-over-tls.conf
@@ -12,6 +12,8 @@ server:
 # This list is for my travel laptop to have at least one DoT443 server
 # which seems to be applied-privacy.net. They advice having multiple DoT servers
 # for redundancy and as they don't filter, it's best I use other non-filtering ones.
+# Since then this expanded to include <https://www.privacyguides.org/en/dns/>.
+# just look at git blame...
 
 forward-zone:
 	name: "."
@@ -48,5 +50,26 @@ forward-zone:
 	forward-addr: 2620:fe::10@8853#dns10.quad9.net
 	forward-addr: 9.9.9.10@853#dns10.quad9.net
 	forward-addr: 9.9.9.10@8853#dns10.quad9.net
+	# Quad9 unfiltered, anycast, ECS, no DNSSEC (Unbound does that)
+	#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
+	#forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
+	#forward-addr: 9.9.9.12@853#dns12.quad9.net
+	#forward-addr: 9.9.9.12@8853#dns12.quad9.net
+	#forward-addr: 2620:fe::12@853#dns12.quad9.net
+	#forward-addr: 2620:fe::12@8853#dns12.quad9.net
+	#forward-addr: 149.112.112.12@853#dns12.quad9.net
+	#forward-addr: 149.112.112.12@8853#dns12.quad9.net
+
+	# https://www.dns0.eu/open https://www.dns0.eu/network - French based. Private ECS
+	forward-addr: 193.110.81.254@853#open.dns0.eu
+	forward-addr: 185.253.5.254@853#open.dns0.eu
+	forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
+	forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
+
+	# Adguard DNS Unfiltered Anycast. Malta based. Private ECS.
+	forward-addr: 2a10:50c0::1:ff@853#unfiltered.adguard-dns.com
+	forward-addr: 2a10:50c0::2:ff@853#unfiltered.adguard-dns.com
+	forward-addr: 94.140.14.140@853#unfiltered.adguard-dns.com
+	forward-addr: 94.140.14.141@853#unfiltered.adguard-dns.com
 
 # vim: filetype=unbound.conf