70ae6b36a5 
							
						 
					 
					
						
						
							
							systemd-resolved & unbound: let's not pretend I am not using Quad9 ECS  
						
						
						
						
					 
					
						2024-07-31 10:23:36 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							aa03a16c49 
							
						 
					 
					
						
						
							
							DNS: fail fast when you inevitably fail  
						
						
						
						
					 
					
						2024-07-30 20:43:33 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							0796ee504d 
							
						 
					 
					
						
						
							
							unbound: stop pretending I don't use unbound-control  
						
						
						
						
					 
					
						2024-05-23 21:16:48 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c2e0917c3a 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: remove Quad9 ECS comments  
						
						
						
						
					 
					
						2024-05-18 16:14:57 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							bec86d1344 
							
						 
					 
					
						
						
							
							{systemd-resolved,unbound}: add commented unfiltered adguard to appropiate file  
						
						
						
						
					 
					
						2024-05-18 16:12:58 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a7ef548dab 
							
						 
					 
					
						
						
							
							{chromium,unbound}: experimental dot-private-ecs.conf  
						
						
						
						
					 
					
						2024-05-18 16:08:17 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e6696d22f6 
							
						 
					 
					
						
						
							
							Revert "unbound/dns-over-tls.conf: remove ECS and private ECS"  
						
						
						
						
						This reverts commit 78fa2b7b9ca4cbb09eb386fcf3693e0e354dc717. 
						
						
					 
					
						2024-05-18 15:51:13 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							8d34384c78 
							
						 
					 
					
						
						
							
							unbound: mark dot-flushable-cache.conf as .badidea  
						
						
						
						
					 
					
						2024-05-14 15:08:26 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							901c634424 
							
						 
					 
					
						
						
							
							unbound: I have been using Fedora for a couple of years, I know where the ca bundle is without attributing to ctrl.blog  
						
						
						
						
					 
					
						2024-05-14 15:07:11 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							78fa2b7b9c 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: remove ECS and private ECS  
						
						
						
						
					 
					
						2024-05-14 15:01:41 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5672e14c89 
							
						 
					 
					
						
						
							
							Revert "Stop pretending issues of ECS weight more than pros of it after GApple upgrades delayed my going to bed."  
						
						
						
						
						This reverts commit afe50117fe1a98bb02f9736671dc7629c2444f30. 
						
						
					 
					
						2024-05-14 14:47:09 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c1b1eaa040 
							
						 
					 
					
						
						
							
							unbound/dot-dns0-quad9.conf: add forgotten ports  
						
						
						
						
					 
					
						2024-05-14 12:23:09 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							afe50117fe 
							
						 
					 
					
						
						
							
							Stop pretending issues of ECS weight more than pros of it after GApple upgrades delayed my going to bed.  
						
						
						
						
					 
					
						2024-05-14 11:06:01 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c81c1dd7d0 
							
						 
					 
					
						
						
							
							unbound: restore dot-dns0-quad9.conf with IPv4 for DNS0 & IPv6 for Quad9 ECS  
						
						
						
						
						This partially reverts commit 422ab0de4eedfe378d1866bfb58a2b4dac774b83 
						
						
					 
					
						2024-05-09 20:02:23 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e4d691f2b1 
							
						 
					 
					
						
						
							
							unbound: prefer IPv4 with private ECS using DoT servers  
						
						
						
						
					 
					
						2024-05-07 08:26:20 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							afb0801430 
							
						 
					 
					
						
						
							
							unbound: add doh-local.sample  
						
						
						
						
						Works otherwise, but the self-signed cert didn't satisfy Chromium, which I wanted to point at it.
						
						
					 
					
						2024-05-06 18:55:00 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f5b76c1341 
							
						 
					 
					
						
						
							
							unbound: add .sample to threads.conf, comment to question it's necessity and usage  
						
						
						
						
					 
					
						2024-05-05 11:08:52 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							b18df5462c 
							
						 
					 
					
						
						
							
							unbound: add/rename/fix prefer-ip{4,6}.conf  
						
						
						
						
					 
					
						2024-05-04 09:05:16 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							252f77ab0c 
							
						 
					 
					
						
						
							
							systemd-resolved & unbound: comment ECS servers again.  
						
						
						
						
						This partially reverts 85c7fedcb21cfa3a173f7ff3d1a9e35d1f449086 and will be explained at https://aminda.eu/n/dns  soon 
						
						
					 
					
						2024-05-03 18:07:51 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							aa865106db 
							
						 
					 
					
						
						
							
							unbound: correct ecs.conf.sample  
						
						
						
						
					 
					
						2024-05-03 17:35:15 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							85c7fedcb2 
							
						 
					 
					
						
						
							
							systemd-resolved, unbound: only ECS IPv6  
						
						
						
						
					 
					
						2024-05-03 06:23:37 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							6cae19ba4f 
							
						 
					 
					
						
						
							
							unbound: more ecs.conf.sample experimentation  
						
						
						
						
					 
					
						2024-05-02 21:32:39 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ba298f94a5 
							
						 
					 
					
						
						
							
							resolv: increase timeout to 2 (match unbound/RFC 8767), decrease attempts to 2, rotate  
						
						
						
						
					 
					
						2024-05-01 09:54:07 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f6e9aa58da 
							
						 
					 
					
						
						
							
							unbound: add replace-systemd-resolved.conf.sample for listening on systemd-resolved ports  
						
						
						
						
					 
					
						2024-04-30 20:30:15 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							72ea5ca51e 
							
						 
					 
					
						
						
							
							unbound: fix typo in (1)5 minutes cache, apparently a commit once removed the 1  
						
						
						
						
					 
					
						2024-04-30 17:34:01 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5d4e0e10dd 
							
						 
					 
					
						
						
							
							unbound/min-ttl-hour.conf: also print the stats hourly, not every 15 minutes  
						
						
						
						
					 
					
						2024-04-30 17:26:14 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							437b69bd6e 
							
						 
					 
					
						
						
							
							unbound: apparently rename min-ttl.conf.sample to min-ttl-five-min.conf  
						
						
						
						
					 
					
						2024-04-30 17:17:46 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9671adf293 
							
						 
					 
					
						
						
							
							unbound: break statistics interval from logging.conf to min-ttl*  
						
						
						
						
					 
					
						2024-04-30 17:11:32 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							819d6a782e 
							
						 
					 
					
						
						
							
							unbound: add mixed-case-queries.conf  
						
						
						
						
					 
					
						2024-04-30 17:11:09 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							08de11b594 
							
						 
					 
					
						
						
							
							unbound/min-ttl-hour.conf: fix comment  
						
						
						
						
					 
					
						2024-04-30 06:52:46 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							87bedac239 
							
						 
					 
					
						
						
							
							unbound: cut cache.conf.SAMPLE into more descriptive files  
						
						
						
						
					 
					
						2024-04-30 06:45:53 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							531cdd82c5 
							
						 
					 
					
						
						
							
							unbound/cache.conf.SAMPLE: fix oversight, logging.conf: reducei nterval to quaterly  
						
						
						
						
					 
					
						2024-04-29 20:48:51 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							0d0be5f9bc 
							
						 
					 
					
						
						
							
							unbound/cache.conf: rename to cache.conf.SAMPLE and add scary warnings there  
						
						
						
						
					 
					
						2024-04-29 20:46:00 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a14446ed71 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: add Cloudflare, Mullvad & Control D  
						
						
						
						
						This is now practically https://www.privacyguides.org/en/dns/  plus Appliedprivacy 
						
						
					 
					
						2024-04-29 08:29:07 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4081c974bb 
							
						 
					 
					
						
						
							
							unbound/cache.conf: make the min ttl an hour in my quest to break DNS  
						
						
						
						
					 
					
						2024-04-28 19:15:42 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							23672028d5 
							
						 
					 
					
						
						
							
							unbound/ecs.conf: attempt to send larger subnets than default around  
						
						
						
						
					 
					
						2024-04-28 18:02:18 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9375b3c2b2 
							
						 
					 
					
						
						
							
							unbound: add dot-cloudflare.conf  
						
						
						
						
					 
					
						2024-04-27 21:22:28 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2aa221b77f 
							
						 
					 
					
						
						
							
							unbound/cache: take the cache-min-ttl: 3000 challenge  
						
						
						
						
						It will not affect web browsers, which are using DoH for ECH, eliminating most of the breakage; I am just curious whether anything outside of the web browser will suffer from it.
						
						
					 
					
						2024-04-27 18:35:22 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							652c11391f 
							
						 
					 
					
						
						
							
							unbound/cache.conf: explicitly set serve-expired-reply-ttl to 30  
						
						
						
						
					 
					
						2024-04-27 16:52:39 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a083a9d704 
							
						 
					 
					
						
						
							
							unbound/cache: comment cache-min-ttl=900, add commented 3000  
						
						
						
						
					 
					
						2024-04-27 15:42:29 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							30a27f980d 
							
						 
					 
					
						
						
							
							unbound/cache.conf: RFC 8767ish configuration  
						
						
						
						
					 
					
						2024-04-27 15:00:12 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							1d7308e74e 
							
						 
					 
					
						
						
							
							unbound: explicitly enable ede and it's log  
						
						
						
						
					 
					
						2024-04-26 13:53:50 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							17e0b68d20 
							
						 
					 
					
						
						
							
							unbound: add dot-mullvad.conf defalting on base  
						
						
						
						
						I found myself missing this on an old family PC that has limited resources, and as I didn't have this file at hand, I just went with AdGuard, which will work too.
						
						
					 
					
						2024-04-25 17:24:41 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a17ff2903a 
							
						 
					 
					
						
						
							
							unbound/nordvpn-domains.conf: add comments/sources, fix duplicate zone, add missing domains  
						
						
						
						
					 
					
						2024-04-25 15:07:37 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							bbeb1d3e02 
							
						 
					 
					
						
						
							
							unbound/nordvpn: rename, send only their domains to them  
						
						
						
						
					 
					
						2024-04-25 14:34:47 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d17ad34650 
							
						 
					 
					
						
						
							
							unbound/dns-over-tls.conf: note Applied Privacy does no ECS, add 853, add Quad9 unfiltered (ECS commented)  
						
						
						
						
					 
					
						2024-04-25 13:26:01 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							886b8dbfbd 
							
						 
					 
					
						
						
							
							unbound.conf.d: well-known-dns.conf -> well-known-dns.conf.badidea  
						
						
						
						
						This will break DNSSEC and a lot of things. 
						
						
					 
					
						2024-04-22 15:39:47 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							aac3ccdec3 
							
						 
					 
					
						
						
							
							unbound/well-known-dns.conf: add CNAMEs one.one.one.one & dns.google.com  
						
						
						
						
					 
					
						2024-04-22 11:26:46 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							abd21e008a 
							
						 
					 
					
						
						
							
							well-known-dns.conf: typetransparent subdomains just in case  
						
						
						
						
						Theoretically the higher-level domain affects them too, but in practice I am unsure, and I have previously only used always_reject for blocking google-analytics & its subdomains. At least it isn't causing warnings or errors.
						
						
					 
					
						2024-04-22 07:42:53 +03:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							579e98f27c 
							
						 
					 
					
						
						
							
							unbound/well-known-dns.conf: use typetransparent so non-local queries won't get NODATA  
						
						
						
						
					 
					
						2024-04-22 07:28:55 +03:00