unbound: replace forwards.conf with dns-over-tls.conf

Simultaneously rm puntcat, their DNS appears to be down at the moment
and I didn't find their own homepage.
This commit is contained in:
Aminda Suomalainen 2019-07-22 16:05:05 +03:00
parent 6ed44de3d1
commit ffbbe9e522
No known key found for this signature in database
GPG Key ID: 0C207F07B2F32B67
2 changed files with 40 additions and 4 deletions

View File

@ -0,0 +1,39 @@
# cp of forwards.conf updated to DNS over TLS time with a lot took from
# https://www.ctrl.blog/entry/unbound-tls-forwarding.html
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Forward queries to
forward-zone:
name: "."
forward-tls-upstream: yes
## Quad9 - warning: uncommenting others simultaneously will break
## malicious domain blocking.
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
## Google - warning: for-profit business
#forward-addr: 2001:4860:4860::8888@853#dns.google
#forward-addr: 2001:4860:4860::8844@853#dns.google
#forward-addr: 8.8.8.8@853#dns.google
#forward-addr: 8.8.4.4@853#dns.google
## censurfridns.dk (Copenhagen?)
#forward-addr: 2001:67c:28a4::@853#anycast.censurfridns.dk
#forward-addr: 91.239.100.100@853#anycast.censurfridns.dk
## DNS.WATCH (German) - PROBLEM: NO DOT AS OF 2019-07-22 but in hope
## they will have it I am leaving these here.
#forward-addr: 2001:1608:10:25::1c04:b12f@853#resolver1.dns.watch
#forward-addr: 2001:1608:10:25::9249:d69b@853#resolver2.dns.watch
#forward-addr: 84.200.69.80@853#resolver1.dns.watch
#forward-addr: 84.200.70.40@853#resolver2.dns.watch
## Cloudflare DNS - didn't exist in 2015 for forwards.conf
## warning: for-profit business (and too big in my opinion)
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#forward-addr: 1.0.0.1@853#cloudflare-dns.com

View File

@ -1,4 +1,4 @@
# Forward queries to # Legacy file, use dns-over-tls.conf instead!
forward-zone: forward-zone:
name: "." name: "."
# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html> # Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
@ -17,6 +17,3 @@ forward-zone:
forward-addr: 2001:1608:10:25::9249:d69b forward-addr: 2001:1608:10:25::9249:d69b
forward-addr: 84.200.69.80 forward-addr: 84.200.69.80
forward-addr: 84.200.70.40 forward-addr: 84.200.70.40
# puntCAT
forward-addr: 2a00:1508:0:4::9
forward-addr: 109.69.8.51