Commit Graph

183 Commits

Author SHA1 Message Date
d17ad34650
unbound/dns-over-tls.conf: note Applied Privacy does no ECS, add 853, add Quad9 unfiltered (ECS commented) 2024-04-25 13:26:01 +03:00
886b8dbfbd
unbound.conf.d: well-known-dns.conf -> well-known-dns.conf.badidea
This will break DNSSEC and a lot of things.
2024-04-22 15:39:47 +03:00
aac3ccdec3
unbound/well-known-dns.conf: add CNAMEs one.one.one.one & dns.google.com 2024-04-22 11:26:46 +03:00
abd21e008a
well-known-dns.conf: typetransparent subdomains just in case
Theoretically the higher level domain affects them too, but in practice I am unsure and I have previously only used always_reject for google-analytics & subdomains blocking. It at least isn't causing warnings or errors.
2024-04-22 07:42:53 +03:00
579e98f27c
unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA 2024-04-22 07:28:55 +03:00
623a9150fd
unbound: merge 00-insecure-domains.conf into blocklist.conf 2024-04-22 07:10:18 +03:00
892feb3c1b
unbound/blocklist: add fritz.box. 2024-04-22 07:06:21 +03:00
ce9159e756
unbound/dot-quad9.conf: prettier sorting 2024-04-21 13:13:41 +03:00
a0ccd790ab
unbound & systemd-resolved: add Quad9 alternative port 2024-04-21 10:54:22 +03:00
e6bd2b13ad
unbound: add TREX upstream configuration 2024-04-20 20:25:48 +03:00
a7cf718453
uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open} 2024-04-20 17:59:46 +03:00
422ab0de4e
libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS 2024-04-20 17:50:12 +03:00
45f1c1078f
unbound/well-known-dns.conf: add Google DNS 2024-04-20 09:10:36 +03:00
134622edad
unbound/well-known-dns.conf: add missing dots 2024-04-20 09:00:44 +03:00
e319c8aacf
unbound: restore and update blocklist.conf
This reverts commit fe8ac1bbb7.
2024-04-20 08:57:26 +03:00
c7633838de
unbound: fill well-known-dns.conf some more 2024-04-20 08:52:49 +03:00
6a87111f8b
unbound/well-known-dns.conf: initial commit 2024-04-19 19:58:23 +03:00
1e22108950
unbound/00-insecure-domains.conf: qname minimization is not relevant here 2024-04-19 09:17:01 +03:00
1a1bf9adb9
unbound/conf.d: add vim modelines/filetypes 2024-04-19 09:14:32 +03:00
4c4508ba36
unbound/dot-*quad9.conf: add DNS10 & DNS12 (commented), remove extra spaces 2024-04-18 11:16:20 +03:00
5097076daf
unbound: also disable qname-minimization for DNSo53 forwarders 2024-04-17 16:03:23 +03:00
363be56010
unbound: move to tls-ystem-cert from tls-cert-bundle & disable qname minimization for DoT forward-zones 2024-04-17 16:01:38 +03:00
8c748dd2d6
unbound/dot-dns0-quad9.conf: fix duplicate forward zone 2024-04-14 14:23:58 +03:00
46ac8aefd8
unbound: add dot-dns0-quad9.conf 2024-04-12 17:01:32 +03:00
b1a0125674
unbound: add local-tlds.conf 2024-04-12 14:16:10 +03:00
73865c747d
root-auto-trust-anchor-file.conf -> debian-root-auto-trust-anchor-file.conf
Let's not overwrite files accidentally
2024-04-12 10:56:51 +03:00
4d4dc026fd
unbound: ipv6.conf -> prefer-ipv6.conf
more descriptive name
2024-04-12 09:19:02 +03:00
4a08068634
unbound/cache: serve-expired: yes
I am unsure on whether this actually affects anything without setting the other expired options too
2024-04-07 19:44:10 +03:00
b03218c78b
unbound/cache.conf: add prefetch & prefetch-key 2024-04-07 17:34:36 +03:00
fe8ac1bbb7
unbound: remove blocklists, deprecated by Browser Policy 2024-02-15 20:47:34 +02:00
c55b2a6aed
{systemd-resolved,unbound}: utilize unfiltered dns0 since nordvpn is unlikely to filter either 2024-02-11 13:37:32 +02:00
13a8956758
{resolved,unbound}/nordvpn: add dns0 in case it helps with automatic connection issues 2024-02-02 08:51:52 +02:00
bc39daa2ed
unbound/insecure-domains: add norwegianwifi.com
while it's unlikely for me to run unbound on flight
2024-01-27 13:09:14 +02:00
8a93a2a9ac
unbound: another accidental rewrite of nordvpn.conf, now with IPv6 2024-01-23 09:20:13 +02:00
8a73d0fd63
unbound.conf.d: add nordvpn.conf 2024-01-04 12:28:38 +02:00
9a0895e412
unbound: merge dot-quad9-ecs.conf into dot-quad9.conf 2023-12-31 16:38:05 +02:00
dba9d4c908
unbound/dot-dns0-*.conf: merge to dot-dns0.conf 2023-12-30 15:46:22 +02:00
428802a4fd
unbound: rm mullvad configuration
It's wrong and I am not currently using it
2023-11-12 12:51:54 +02:00
b8f1aa69dd
unbound/00-insecure-domains.conf: add router.asus.com 2023-10-07 13:10:07 +03:00
34b4ffb8ac
unbound/dns-over-tls.conf: cut to 443 and private ECS capable non-filtering servers 2023-08-04 12:45:03 +03:00
d024ac1234
Revert "rm etc/unbound/unbound.conf.d/dns-over-tls.conf"
This reverts commit e9998f4079.
2023-08-04 12:27:41 +03:00
6159876f05
unbound/blocklist.conf: add {reddit,twitter}.com to support the protest 2023-06-11 18:53:16 +03:00
7ac9b9a7cc
etc/unbound/blocklist: remove duplicates, add graph.facebook.com
`local-zone: "google-analytics.com." always_refuse` implies subdomains
2023-06-06 12:09:48 +03:00
5d00ccaf6b
unbound: add blocklist-tld.conf mainly for zip & mov 2023-05-28 10:36:52 +03:00
ca2956b678
unbound/blocklist: note encrypted client hello 2023-05-13 17:17:20 +03:00
603ac4a011
unbound/blocklist.conf: remove Mozilla Telemetry 2023-05-13 17:16:17 +03:00
fdeab81c2b
unbound/blocklist.conf: add matrix.to as dared by !KMbEUhVQHLwZHmwzKX:matrix.org 2023-05-13 17:14:45 +03:00
e9998f4079
rm etc/unbound/unbound.conf.d/dns-over-tls.conf
I think the file is inherently flawed due to different types of filtering/non-filtering resolvers, different locations, unknown ECS policies etc. Importantly I am not actively looking at this and just came across old version running in production
2023-02-26 09:15:19 +02:00
9bdc67dd29
unbound & systmed-resolved: add DNS0 open
Ref: #153
2023-02-23 10:11:03 +02:00
cc5e7b7225
unbound: add DNS0 & DNS0 zero DoT config
Resolves: #153
2023-02-22 10:58:04 +02:00
2e6a03d402
sastisfy editorconfig check 2023-02-21 19:08:54 +02:00
1de04a8367
unbound/00-insecure-domains.conf: add http.badssl.com, my captive portal trigger goto 2022-10-03 22:01:15 +03:00
1e40420115
unbound: rm outdated yggdrasil-override
Ref: #89
2021-10-05 12:38:16 +03:00
bfa51f500b
unbound/dns-over-tls.conf: stop advertising Debian 9 2021-10-05 12:34:10 +03:00
ee293669d9
unbound: add dot-flushable-cache.conf
Resolves: #105
2021-10-05 12:33:40 +03:00
75731868e7
unbound/dns-over-tls.conf: allow non-Finnish anycast & note being used on servers 2021-06-11 19:39:57 +03:00
1ad289aa49
unbound/dot-mullvad-adblock.conf: add missing port number 2021-04-27 21:40:16 +03:00
41879fe5e8
unbound.conf.d: rm dns-mullvad, add dot-mullvad[-adblock] 2021-04-27 21:35:58 +03:00
6f8c7de6af
unbound.conf.d: add 00-insecure-domains.conf (WiFi repeater config) 2021-03-14 21:00:32 +02:00
abb0c37ef2
unbound.conf.d: add yggdrasil-override.conf
Begins #89 at a better time
2020-12-15 20:34:01 +02:00
e9aefd711b
blocklist.conf: refuse blocked instead of nxdomain
Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more
accurate for the rest.
2020-11-21 12:13:55 +02:00
e7a6e00b83
unbound/dns-over-tls: comment Adguard & NextDNS for not being in FI 2020-11-15 09:46:50 +02:00
aadcc009a0
unbound/dns-over-tls.conf: add Adguard (unfiltered) & NextDNS 2020-11-12 16:12:18 +02:00
3289a812ee
unbound: add dns-mullvad.conf (not encrypted)
Contains Mullvad Wireguard, OpenVPN and public addresses
2020-11-10 16:04:48 +02:00
f878041e2e
unbound/dns-over-tls.conf: reverse order of providers
It seems to have some (small?) relevance to where queries go to.
2020-10-29 16:24:52 +02:00
6e1f41533c
unbound/dns-over-tls.conf: comment the 443 appliedprivacy
Thinking it a bit more, it's not useful to use their resources on
devices that practically never encounter blocked port 853.
2020-10-29 13:22:19 +02:00
c93034ba7f
unbound/dns-over-tls.conf: major cleanup 2020-10-29 13:15:23 +02:00
1e70d7d4d7
etc/systemd-resolved&unbound: add Quad9 ECS configs
Untested. The last time I saw the documentation, they didn't mention
DoT.
2020-10-21 17:09:20 +03:00
31a15a9abc
systemd-resolved & unbound: update AdGuard IPs
Resolves: #81
2020-09-27 14:34:54 +03:00
6c2475676c
unbound.conf.d/dot-adguard.conf: fix SNI domain 2020-08-30 16:56:51 +03:00
edb259b1c8
unbound.conf.d: add dot-adguard.conf 2020-08-30 16:45:35 +03:00
cc965d4692
blocklist.conf: add empty line & incoming.telemetry.mozilla.org 2020-08-22 23:31:54 +03:00
263f828550
unbound blocklist: add ssl.google-analytics.com 2020-08-20 19:30:47 +03:00
94eace15e7
unbound/blocklist.conf: specify it's server clause
Introduced by e4d18d47c5
2020-08-20 18:38:37 +03:00
cabf7c570d
blocklist.conf: add [www.]google-analytics.com. 2020-08-20 18:33:51 +03:00
b5cafdeb90
unbound: the mass file is not a good idea? cut it? 2020-08-16 12:18:07 +03:00
7541d93206
dns-over-tls.conf: update BlahDNS-JP addresses 2019-12-01 12:48:02 +02:00
10b1b8ad86
unbound/dot: fix outdated comment 2019-11-03 00:49:19 +02:00
7b2c1568d1
unbound/dns-over-tls.conf: replace BlahDNS CH with FI
Shutting down on December 31th https://blahdns.com/
2019-11-03 00:15:59 +02:00
d062d6675c
unbound/blacklist.conf: Riot has fixed it's habits
Integration manager and identity server can be configured in settings
2019-10-16 15:01:48 +03:00
1e636a65af
unbound/dns-over-tls.conf: enable BlahDNS over Yggdrasil 2019-10-08 20:52:41 +03:00
0ca2718569
unbound/blocklist.conf: use always_nxdomain, remove publicbt.com 2019-09-10 21:27:23 +03:00
0c70f41afc
unbound/blocklist: uncomment vector.im, add use-application-dns.net
* Vector.im is the identity server that gets restored by itself and I
  don't seem to ever have any business to Vector.im website, while
  the other domains I need to visit at times.
* use-application-dns.net being NXDOMAIN tells Firefox to not send
  traffic to Cloudflare DoH. I thought of this when I saw the news and
  got courage to actually do this after seeing that DNSCrypt-proxy also
  does so.
2019-09-07 14:42:15 +03:00
9bcd2d61c7
unbound/*dns64*: add Cloudflare 2019-08-25 18:27:11 +03:00
aa2c53349d
unbound/plain-dns64.conf: add Google DNS 2019-08-25 18:21:16 +03:00
31aa6066b5
unbound/dns-over-tls.conf: don't mention forwards.conf
I renamed it.
2019-08-25 18:17:50 +03:00
41644a9b65
unbound: add dns64-over-tls.conf (broken for now) 2019-08-25 18:16:51 +03:00
6308c9af72
unbound: clean up plain-dns64.conf (only TREX for now) 2019-08-25 18:09:50 +03:00
04658408d4
unbound: rename forwards.conf -> plain-dns64.conf 2019-08-25 18:07:28 +03:00
3dc273fbe0
unbound: mention other files of interest in dot & add threads 2019-08-24 12:40:04 +03:00
6274ed8e13
unbound/dot: add nic.cz & nixnet 2019-08-24 12:02:26 +03:00
5462af3059
unbound/dot: add Lelux.fi 2019-08-24 11:57:42 +03:00
7afaa57882
unbound/dot: add Snopyta 2019-08-24 11:55:22 +03:00
4e4d19a765
unbound.conf.d/logging.conf: print statistics hourly 2019-08-20 18:05:19 +03:00
d7d252f98f
unbound/logging: add statistics printing 2019-08-20 17:41:43 +03:00
2c3fe4a5df
unbound: enable IPv6 preferring 2019-08-20 12:49:19 +03:00
be7c4185eb
etc/unbound/dns-over-tls: comment Cloudflare 2019-08-20 11:49:37 +03:00
26624bcd5d
unbound.conf.d: increase TTL to 15 mins from 5 2019-08-17 21:06:01 +03:00
d539237fbf
unbound/blocklist.conf: add source 2019-08-17 13:43:11 +03:00
057d42bafd
unbound/dns-over-tls.conf: fix typo 2019-08-17 13:40:39 +03:00