8d34384c78
unbound: mark dot-flushable-cache.conf as .badidea
2024-05-14 15:08:26 +03:00
901c634424
unbound: I have been using Fedora for a couple of years, I know where the ca bundle is without attributing to ctrl.blog
2024-05-14 15:07:11 +03:00
78fa2b7b9c
unbound/dns-over-tls.conf: remove ECS and private ECS
2024-05-14 15:01:41 +03:00
5672e14c89
Revert "Stop pretending issues of ECS weight more than pros of it after GApple upgrades delayed my going to bed."
...
This reverts commit afe50117fe
.
2024-05-14 14:47:09 +03:00
c1b1eaa040
unbound/dot-dns0-quad9.conf: add forgotten ports
2024-05-14 12:23:09 +03:00
afe50117fe
Stop pretending issues of ECS weight more than pros of it after GApple upgrades delayed my going to bed.
2024-05-14 11:06:01 +03:00
c81c1dd7d0
unbound: restore dot-dns0-quad9.conf with IPv4 for DNS0 & IPv6 for Quad9 ECS
...
This partially reverts commit 422ab0de4e
2024-05-09 20:02:23 +03:00
e4d691f2b1
unbound: prefer IPv4 with private ECS using DoT servers
2024-05-07 08:26:20 +03:00
afb0801430
unbound: add doh-local.sample
...
Works otherwise, but self-signed cert didn't satisfy Chromium I wanted to point at it
2024-05-06 18:55:00 +03:00
f5b76c1341
unbound: add .sample to threads.conf, comment to question it's necessity and usage
2024-05-05 11:08:52 +03:00
b18df5462c
unbound: add/rename/fix prefer-ip{4,6}.conf
2024-05-04 09:05:16 +03:00
252f77ab0c
systemd-resolved & unbound: comment ECS servers again.
...
This partially reverts 85c7fedcb2
and will be explained at https://aminda.eu/n/dns soon
2024-05-03 18:07:51 +03:00
aa865106db
unbound: correct ecs.conf.sample
2024-05-03 17:35:15 +03:00
85c7fedcb2
systemd-resolved, unbound: only ECS IPv6
2024-05-03 06:23:37 +03:00
6cae19ba4f
unbound: more ecs.conf.sample experimentation
2024-05-02 21:32:39 +03:00
ba298f94a5
resolv: increase timeout to 2 (match unbound/RFC 8767), decrease attempts to 2, rotate
2024-05-01 09:54:07 +03:00
f6e9aa58da
unbound: add replace-systemd-resolved.conf.sample for listening on systemd-resolved ports
2024-04-30 20:30:15 +03:00
72ea5ca51e
unbound: fix typo in (1)5 minutes cache, apparently a commit once removed the 1
2024-04-30 17:34:01 +03:00
5d4e0e10dd
unbound/min-ttl-hour.conf: also print the stats hourly, not every 15 minutes
2024-04-30 17:26:14 +03:00
437b69bd6e
unbound: apparently rename min-ttl.conf.sample to min-ttl-five-min.conf
2024-04-30 17:17:46 +03:00
9671adf293
unbound: break statistics interval from logging.conf to min-ttl*
2024-04-30 17:11:32 +03:00
819d6a782e
unbound: add mixed-case-queries.conf
2024-04-30 17:11:09 +03:00
08de11b594
unbound/min-ttl-hour.conf: fix comment
2024-04-30 06:52:46 +03:00
87bedac239
unbound: cut cache.conf.SAMPLE into more descriptive files
2024-04-30 06:45:53 +03:00
531cdd82c5
unbound/cache.conf.SAMPLE: fix oversight, logging.conf: reducei nterval to quaterly
2024-04-29 20:48:51 +03:00
0d0be5f9bc
unbound/cache.conf: rename to cache.conf.SAMPLE and add scary warnings there
2024-04-29 20:46:00 +03:00
a14446ed71
unbound/dns-over-tls.conf: add Cloudflare, Mullvad & Control D
...
This is now practically https://www.privacyguides.org/en/dns/ plus Appliedprivacy
2024-04-29 08:29:07 +03:00
4081c974bb
unbound/cache.conf: make the min ttl an hour in my quest to break DNS
2024-04-28 19:15:42 +03:00
23672028d5
unbound/ecs.conf: attempt to send larger subnets than default around
2024-04-28 18:02:18 +03:00
9375b3c2b2
unbound: add dot-cloudflare.conf
2024-04-27 21:22:28 +03:00
2aa221b77f
unbound/cache: take the cache-min-ttl: 3000 challenge
...
It will not affect web browsers which are using DoH for ECH eliminating most of breakage and I am just curious on will anything outside of web browser suffer that.
2024-04-27 18:35:22 +03:00
652c11391f
unbound/cache.conf: explicitly set serve-expired-reply-ttl to 30
2024-04-27 16:52:39 +03:00
a083a9d704
unbound/cache: comment cache-min-ttl=900, add commented 3000
2024-04-27 15:42:29 +03:00
30a27f980d
unbound/cache.conf: RFC 8767ish configuration
2024-04-27 15:00:12 +03:00
1d7308e74e
unbound: explicitly enable ede and it's log
2024-04-26 13:53:50 +03:00
17e0b68d20
unbound: add dot-mullvad.conf defalting on base
...
I found myself missing this on an old family PC that has limited resources and as I didn't have this file at hand, I just went with AdGuard which will work too.
2024-04-25 17:24:41 +03:00
a17ff2903a
unbound/nordvpn-domains.conf: add comments/sources, fix duplicate zone, add missing domains
2024-04-25 15:07:37 +03:00
bbeb1d3e02
unbound/nordvpn: rename, send only their domains to them
2024-04-25 14:34:47 +03:00
d17ad34650
unbound/dns-over-tls.conf: note Applied Privacy does no ECS, add 853, add Quad9 unfiltered (ECS commented)
2024-04-25 13:26:01 +03:00
886b8dbfbd
unbound.conf.d: well-known-dns.conf -> well-known-dns.conf.badidea
...
This will break DNSSEC and a lot of things.
2024-04-22 15:39:47 +03:00
aac3ccdec3
unbound/well-known-dns.conf: add CNAMEs one.one.one.one & dns.google.com
2024-04-22 11:26:46 +03:00
abd21e008a
well-known-dns.conf: typetransparent subdomains just in case
...
Theoretically the higher level domain affects them too, but in practice I am unsure and I have previously only used always_reject for google-analytics & subdomains blocking. It at least isn't causing warnings or errors.
2024-04-22 07:42:53 +03:00
579e98f27c
unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA
2024-04-22 07:28:55 +03:00
623a9150fd
unbound: merge 00-insecure-domains.conf into blocklist.conf
2024-04-22 07:10:18 +03:00
892feb3c1b
unbound/blocklist: add fritz.box.
2024-04-22 07:06:21 +03:00
ce9159e756
unbound/dot-quad9.conf: prettier sorting
2024-04-21 13:13:41 +03:00
a0ccd790ab
unbound & systemd-resolved: add Quad9 alternative port
2024-04-21 10:54:22 +03:00
e6bd2b13ad
unbound: add TREX upstream configuration
2024-04-20 20:25:48 +03:00
a7cf718453
uncound/well-known-dns.conf: add DNS0 {Zero,Kids,Open}
2024-04-20 17:59:46 +03:00
422ab0de4e
libreawoo, unbound & resolved: uncomment Quad9 default, comment ECS
2024-04-20 17:50:12 +03:00