Mikaela/shell-things
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-25 04:29:29 +01:00
Code Issues Projects Releases Wiki Activity

rm etc/unbound/unbound.conf.d/dns-over-tls.conf

Browse Source 
I think the file is inherently flawed due to different types of filtering/non-filtering resolvers, different locations, unknown ECS policies etc. Importantly I am not actively looking at this and just came across old version running in production
This commit is contained in:
Aminda Suomalainen 2023-02-26 09:15:19 +02:00
parent 3910216842
commit e9998f4079
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
1 changed files with 0 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
etc/unbound/unbound.conf.d/dns-over-tls.conf
View File

@ -1,57 +0,0 @@
# NOTE! Requires Unbound 1.7.3 or newer!
# Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
#
# NOTE! You might also be interested in cache.conf, ipv6.conf and
# threads.conf
# You should already have qname-minimisation.conf and
# root-auto-trust-anchor-file.conf at least on Debian.
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Hopefully a reasonable set of non-filtering servers including those
# listening on 443, preferably Anycast, but not necessarily.
#
# This list is mainly selfdogdfed on servers (so not being in Finland
# is not a concern and local devices are using Mullvad (Adblock for own, nonfiltering
# for shared family (need discount ads), Adguard filtered for 2006 print server)
# (Also I cannot rename this file due to it being linked around))
forward-zone:
name: "."
forward-tls-upstream: yes
# Quad9 - Anycast, Switzerland based
# Non filtering "insecure" servers without DNSSEC, but that is done
# by Unbound locally anyway.
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
forward-addr: 9.9.9.10@853#dns10.quad9.net
forward-addr: 2620:fe::10@853#dns10.quad9.net
forward-addr: 149.112.112.10@853#dns10.quad9.net
# Cloudflare DNS - anycast
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
## laptops?
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
# Adguard DNS Unfiltered Anycast
forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
# NextDNS - anycast
forward-addr: 45.90.28.0@853#dns1.nextdns.io
forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
forward-addr: 45.90.30.0@853#dns2.nextdns.io
forward-addr: 2a07:a8c1::@853#dns2.nextdns.io