1e22108950 
							
						 
					 
					
						
						
							
							unbound/00-insecure-domains.conf: qname minimization is not relevant here  
						
						
						
						
					 
					
						2024-04-19 09:17:01 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1a1bf9adb9 
							
						 
					 
					
						
						
							
							unbound/conf.d: add vim modelines/filetypes  
						
						
						
						
					 
					
						2024-04-19 09:14:32 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b3eb6e06e7 
							
						 
					 
					
						
						
							
							unbound: add symlink for the Fedora name as I keep tab failing  
						
						
						
						
					 
					
						2024-04-19 09:09:36 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4c4508ba36 
							
						 
					 
					
						
						
							
							unbound/dot-*quad9.conf: add DNS10 & DNS12 (commented), remove extra spaces  
						
						
						
						
					 
					
						2024-04-18 11:16:20 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5097076daf 
							
						 
					 
					
						
						
							
							unbound: also disable qname-minimization for DNSo53 forwarders  
						
						
						
						
					 
					
						2024-04-17 16:03:23 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							363be56010 
							
						 
					 
					
						
						
							
							unbound: move to tls-ystem-cert from tls-cert-bundle & disable qname minimization for DoT forward-zones  
						
						
						
						
					 
					
						2024-04-17 16:01:38 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8c748dd2d6 
							
						 
					 
					
						
						
							
							unbound/dot-dns0-quad9.conf: fix duplicate forward zone  
						
						
						
						
					 
					
						2024-04-14 14:23:58 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							46ac8aefd8 
							
						 
					 
					
						
						
							
							unbound: add dot-dns0-quad9.conf  
						
						
						
						
					 
					
						2024-04-12 17:01:32 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b1a0125674 
							
						 
					 
					
						
						
							
							unbound: add local-tlds.conf  
						
						
						
						
					 
					
						2024-04-12 14:16:10 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							73865c747d 
							
						 
					 
					
						
						
							
							root-auto-trust-anchor-file.conf -> debian-root-auto-trust-anchor-file.conf  
						
						... 
						
						
						
						Let's not overwrite files accidentally 
						
						
					 
					
						2024-04-12 10:56:51 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4d4dc026fd 
							
						 
					 
					
						
						
							
							unbound: ipv6.conf -> prefer-ipv6.conf  
						
						... 
						
						
						
						more descriptive name 
						
						
					 
					
						2024-04-12 09:19:02 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4a08068634 
							
						 
					 
					
						
						
							
							unbound/cache: serve-expired: yes  
						
						... 
						
						
						
						I am unsure on whether this actually affects anything without setting the other expired options too 
						
						
					 
					
						2024-04-07 19:44:10 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b03218c78b 
							
						 
					 
					
						
						
							
							unbound/cache.conf: add prefetch & prefetch-key  
						
						
						
						
					 
					
						2024-04-07 17:34:36 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							fe8ac1bbb7 
							
						 
					 
					
						
						
							
							unbound: remove blocklists, deprecated by Browser Policy  
						
						
						
						
					 
					
						2024-02-15 20:47:34 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c55b2a6aed 
							
						 
					 
					
						
						
							
							{systemd-resolved,unbound}: utilize unfiltered dns0 since nordvpn is unlikely to filter either  
						
						
						
						
					 
					
						2024-02-11 13:37:32 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							13a8956758 
							
						 
					 
					
						
						
							
							{resolved,unbound}/nordvpn: add dns0 in case it helps with automatic connection issues  
						
						
						
						
					 
					
						2024-02-02 08:51:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							bc39daa2ed 
							
						 
					 
					
						
						
							
							unbound/insecure-domains: add norwegianwifi.com  
						
						... 
						
						
						
						while it's unlikely for me to run unbound on flight 
						
						
					 
					
						2024-01-27 13:09:14 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8a93a2a9ac 
							
						 
					 
					
						
						
							
							unbound: another accidental rewrite of nordvpn.conf, now with IPv6  
						
						
						
						
					 
					
						2024-01-23 09:20:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8a73d0fd63 
							
						 
					 
					
						
						
							
							unbound.conf.d: add nordvpn.conf  
						
						
						
						
					 
					
						2024-01-04 12:28:38 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9a0895e412 
							
						 
					 
					
						
						
							
							unbound: merge dot-quad9-ecs.conf into dot-quad9.conf  
						
						
						
						
					 
					
						2023-12-31 16:38:05 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							dba9d4c908 
							
						 
					 
					
						
						
							
							unbound/dot-dns0-*.conf: merge to dot-dns0.conf  
						
						
						
						
					 
					
						2023-12-30 15:46:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							428802a4fd 
							
						 
					 
					
						
						
							
							unbound: rm mullvad configuration  
						
						... 
						
						
						
						It's wrong and I am not currently using it 
						
						
					 
					
						2023-11-12 12:51:54 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b8f1aa69dd 
							
						 
					 
					
						
						
							
							unbound/00-insecure-domains.conf: add router.asus.com  
						
						
						
						
					 
					
						2023-10-07 13:10:07 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							34b4ffb8ac 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: cut to 443 and private ECS capable non-filtering servers  
						
						
						
						
					 
					
						2023-08-04 12:45:03 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d024ac1234 
							
						 
					 
					
						
						
							
							Revert "rm etc/unbound/unbound.conf.d/dns-over-tls.conf"  
						
						... 
						
						
						
						This reverts commit e9998f4079a274182ec25bdb9a6ae17f7f42b7a0. 
						
						
					 
					
						2023-08-04 12:27:41 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							6159876f05 
							
						 
					 
					
						
						
							
							unbound/blocklist.conf: add {reddit,twitter}.com to support the protest  
						
						
						
						
					 
					
						2023-06-11 18:53:16 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							7ac9b9a7cc 
							
						 
					 
					
						
						
							
							etc/unbound/blocklist: remove duplicates, add graph.facebook.com  
						
						... 
						
						
						
						`local-zone: "google-analytics.com." always_refuse` implies subdomains 
						
						
					 
					
						2023-06-06 12:09:48 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5d00ccaf6b 
							
						 
					 
					
						
						
							
							unbound: add blocklist-tld.conf mainly for zip & mov  
						
						
						
						
					 
					
						2023-05-28 10:36:52 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ca2956b678 
							
						 
					 
					
						
						
							
							unbound/blocklist: note encrypted client hello  
						
						
						
						
					 
					
						2023-05-13 17:17:20 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							603ac4a011 
							
						 
					 
					
						
						
							
							unbound/blocklist.conf: remove Mozilla Telemetry  
						
						
						
						
					 
					
						2023-05-13 17:16:17 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							fdeab81c2b 
							
						 
					 
					
						
						
							
							unbound/blocklist.conf: add matrix.to as dared by !KMbEUhVQHLwZHmwzKX:matrix.org  
						
						
						
						
					 
					
						2023-05-13 17:14:45 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e9998f4079 
							
						 
					 
					
						
						
							
							rm etc/unbound/unbound.conf.d/dns-over-tls.conf  
						
						... 
						
						
						
						I think the file is inherently flawed due to different types of filtering/non-filtering resolvers, different locations, unknown ECS policies etc. Importantly I am not actively looking at this and just came across old version running in production 
						
						
					 
					
						2023-02-26 09:15:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9bdc67dd29 
							
						 
					 
					
						
						
							
							unbound & systmed-resolved: add DNS0 open  
						
						... 
						
						
						
						Ref: #153  
						
						
					 
					
						2023-02-23 10:11:03 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							cc5e7b7225 
							
						 
					 
					
						
						
							
							unbound: add DNS0 & DNS0 zero DoT config  
						
						... 
						
						
						
						Resolves : #153  
					
						2023-02-22 10:58:04 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2e6a03d402 
							
						 
					 
					
						
						
							
							sastisfy editorconfig check  
						
						
						
						
					 
					
						2023-02-21 19:08:54 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1de04a8367 
							
						 
					 
					
						
						
							
							unbound/00-insecure-domains.conf: add http.badssl.com, my captive portal trigger goto  
						
						
						
						
					 
					
						2022-10-03 22:01:15 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1e40420115 
							
						 
					 
					
						
						
							
							unbound: rm outdated yggdrasil-override  
						
						... 
						
						
						
						Ref: #89  
						
						
					 
					
						2021-10-05 12:38:16 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							bfa51f500b 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: stop advertising Debian 9  
						
						
						
						
					 
					
						2021-10-05 12:34:10 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ee293669d9 
							
						 
					 
					
						
						
							
							unbound: add dot-flushable-cache.conf  
						
						... 
						
						
						
						Resolves : #105  
					
						2021-10-05 12:33:40 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							75731868e7 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: allow non-Finnish anycast & note being used on servers  
						
						
						
						
					 
					
						2021-06-11 19:39:57 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1ad289aa49 
							
						 
					 
					
						
						
							
							unbound/dot-mullvad-adblock.conf: add missing port number  
						
						
						
						
					 
					
						2021-04-27 21:40:16 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							41879fe5e8 
							
						 
					 
					
						
						
							
							unbound.conf.d: rm dns-mullvad, add dot-mullvad[-adblock]  
						
						
						
						
					 
					
						2021-04-27 21:35:58 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							6f8c7de6af 
							
						 
					 
					
						
						
							
							unbound.conf.d: add 00-insecure-domains.conf (WiFi repeater config)  
						
						
						
						
					 
					
						2021-03-14 21:00:32 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							abb0c37ef2 
							
						 
					 
					
						
						
							
							unbound.conf.d: add yggdrasil-override.conf  
						
						... 
						
						
						
						Begins #89  at a better time 
						
						
					 
					
						2020-12-15 20:34:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e9aefd711b 
							
						 
					 
					
						
						
							
							blocklist.conf: refuse blocked instead of nxdomain  
						
						... 
						
						
						
						Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more
accurate for the rest. 
						
						
					 
					
						2020-11-21 12:13:55 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e7a6e00b83 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls: comment Adguard & NextDNS for not being in FI  
						
						
						
						
					 
					
						2020-11-15 09:46:50 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							aadcc009a0 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: add Adguard (unfiltered) & NextDNS  
						
						
						
						
					 
					
						2020-11-12 16:12:18 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							3289a812ee 
							
						 
					 
					
						
						
							
							unbound: add dns-mullvad.conf (not encrypted)  
						
						... 
						
						
						
						Contains Mullvad Wireguard, OpenVPN and public addresses 
						
						
					 
					
						2020-11-10 16:04:48 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f878041e2e 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: reverse order of providers  
						
						... 
						
						
						
						It seems to have some (small?) relevance to where queries go to. 
						
						
					 
					
						2020-10-29 16:24:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							6e1f41533c 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: comment the 443 appliedprivacy  
						
						... 
						
						
						
						Thinking it a bit more, it's not useful to use their resources on
devices that practically never encounter blocked port 853. 
						
						
					 
					
						2020-10-29 13:22:19 +02:00