4081c974bb
unbound/cache.conf: make the min ttl an hour in my quest to break DNS
2024-04-28 19:15:42 +03:00
23672028d5
unbound/ecs.conf: attempt to send larger subnets than default around
2024-04-28 18:02:18 +03:00
9375b3c2b2
unbound: add dot-cloudflare.conf
2024-04-27 21:22:28 +03:00
2aa221b77f
unbound/cache: take the cache-min-ttl: 3000 challenge
...
It will not affect web browsers which are using DoH for ECH eliminating most of breakage and I am just curious on will anything outside of web browser suffer that.
2024-04-27 18:35:22 +03:00
652c11391f
unbound/cache.conf: explicitly set serve-expired-reply-ttl to 30
2024-04-27 16:52:39 +03:00
a083a9d704
unbound/cache: comment cache-min-ttl=900, add commented 3000
2024-04-27 15:42:29 +03:00
30a27f980d
unbound/cache.conf: RFC 8767ish configuration
2024-04-27 15:00:12 +03:00
1d7308e74e
unbound: explicitly enable ede and it's log
2024-04-26 13:53:50 +03:00
17e0b68d20
unbound: add dot-mullvad.conf defalting on base
...
I found myself missing this on an old family PC that has limited resources and as I didn't have this file at hand, I just went with AdGuard which will work too.
2024-04-25 17:24:41 +03:00
a17ff2903a
unbound/nordvpn-domains.conf: add comments/sources, fix duplicate zone, add missing domains
2024-04-25 15:07:37 +03:00
bbeb1d3e02
unbound/nordvpn: rename, send only their domains to them
2024-04-25 14:34:47 +03:00
d17ad34650
unbound/dns-over-tls.conf: note Applied Privacy does no ECS, add 853, add Quad9 unfiltered (ECS commented)
2024-04-25 13:26:01 +03:00
886b8dbfbd
unbound.conf.d: well-known-dns.conf -> well-known-dns.conf.badidea
...
This will break DNSSEC and a lot of things.
2024-04-22 15:39:47 +03:00
aac3ccdec3
unbound/well-known-dns.conf: add CNAMEs one.one.one.one & dns.google.com
2024-04-22 11:26:46 +03:00
abd21e008a
well-known-dns.conf: typetransparent subdomains just in case
...
Theoretically the higher level domain affects them too, but in practice I am unsure and I have previously only used always_reject for google-analytics & subdomains blocking. It at least isn't causing warnings or errors.
2024-04-22 07:42:53 +03:00
579e98f27c
unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA
2024-04-22 07:28:55 +03:00
623a9150fd
unbound: merge 00-insecure-domains.conf into blocklist.conf
2024-04-22 07:10:18 +03:00
892feb3c1b
unbound/blocklist: add fritz.box.
2024-04-22 07:06:21 +03:00
ce9159e756
unbound/dot-quad9.conf: prettier sorting
2024-04-21 13:13:41 +03:00
a0ccd790ab
unbound & systemd-resolved: add Quad9 alternative port
2024-04-21 10:54:22 +03:00
e6bd2b13ad
unbound: add TREX upstream configuration
2024-04-20 20:25:48 +03:00
a7cf718453
uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open}
2024-04-20 17:59:46 +03:00
422ab0de4e
libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS
2024-04-20 17:50:12 +03:00
45f1c1078f
unbound/well-known-dns.conf: add Google DNS
2024-04-20 09:10:36 +03:00
134622edad
unbound/well-known-dns.conf: add missing dots
2024-04-20 09:00:44 +03:00
e319c8aacf
unbound: restore and update blocklist.conf
...
This reverts commit fe8ac1bbb7
.
2024-04-20 08:57:26 +03:00
c7633838de
unbound: fill well-known-dns.conf some more
2024-04-20 08:52:49 +03:00
6a87111f8b
unbound/well-known-dns.conf: initial commit
2024-04-19 19:58:23 +03:00
1e22108950
unbound/00-insecure-domains.conf: qname minimization is not relevant here
2024-04-19 09:17:01 +03:00
1a1bf9adb9
unbound/conf.d: add vim modelines/filetypes
2024-04-19 09:14:32 +03:00
b3eb6e06e7
unbound: add symlink for the Fedora name as I keep tab failing
2024-04-19 09:09:36 +03:00
4c4508ba36
unbound/dot-*quad9.conf: add DNS10 & DNS12 (commented), remove extra spaces
2024-04-18 11:16:20 +03:00
5097076daf
unbound: also disable qname-minimization for DNSo53 forwarders
2024-04-17 16:03:23 +03:00
363be56010
unbound: move to tls-ystem-cert from tls-cert-bundle & disable qname minimization for DoT forward-zones
2024-04-17 16:01:38 +03:00
8c748dd2d6
unbound/dot-dns0-quad9.conf: fix duplicate forward zone
2024-04-14 14:23:58 +03:00
46ac8aefd8
unbound: add dot-dns0-quad9.conf
2024-04-12 17:01:32 +03:00
b1a0125674
unbound: add local-tlds.conf
2024-04-12 14:16:10 +03:00
73865c747d
root-auto-trust-anchor-file.conf -> debian-root-auto-trust-anchor-file.conf
...
Let's not overwrite files accidentally
2024-04-12 10:56:51 +03:00
4d4dc026fd
unbound: ipv6.conf -> prefer-ipv6.conf
...
more descriptive name
2024-04-12 09:19:02 +03:00
4a08068634
unbound/cache: serve-expired: yes
...
I am unsure on whether this actually affects anything without setting the other expired options too
2024-04-07 19:44:10 +03:00
b03218c78b
unbound/cache.conf: add prefetch & prefetch-key
2024-04-07 17:34:36 +03:00
fe8ac1bbb7
unbound: remove blocklists, deprecated by Browser Policy
2024-02-15 20:47:34 +02:00
c55b2a6aed
{systemd-resolved,unbound}: utilize unfiltered dns0 since nordvpn is unlikely to filter either
2024-02-11 13:37:32 +02:00
13a8956758
{resolved,unbound}/nordvpn: add dns0 in case it helps with automatic connection issues
2024-02-02 08:51:52 +02:00
bc39daa2ed
unbound/insecure-domains: add norwegianwifi.com
...
while it's unlikely for me to run unbound on flight
2024-01-27 13:09:14 +02:00
8a93a2a9ac
unbound: another accidental rewrite of nordvpn.conf, now with IPv6
2024-01-23 09:20:13 +02:00
8a73d0fd63
unbound.conf.d: add nordvpn.conf
2024-01-04 12:28:38 +02:00
9a0895e412
unbound: merge dot-quad9-ecs.conf into dot-quad9.conf
2023-12-31 16:38:05 +02:00
dba9d4c908
unbound/dot-dns0-*.conf: merge to dot-dns0.conf
2023-12-30 15:46:22 +02:00
428802a4fd
unbound: rm mullvad configuration
...
It's wrong and I am not currently using it
2023-11-12 12:51:54 +02:00