2025-08-19 12:47:27 +02:00
5 changed files with 2 additions and 33 deletions
--- a/etc/systemd/resolved.conf.d/05-do53-dna-moi.conf
+++ b/etc/systemd/resolved.conf.d/05-do53-dna-moi.conf
@ -1,5 +0,0 @@
-[Resolve]
-# https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet
-DNS=2001:14b8:1000::1 2001:14b8:1000::2
-DNS=62.241.198.245 62.241.198.246
-# vim: filetype=systemd
--- a/etc/systemd/resolved.conf.d/05-do53-elisa.conf
+++ b/etc/systemd/resolved.conf.d/05-do53-elisa.conf
@ -1,8 +0,0 @@
-[Resolve]
-# https://elisa.fi/asiakaspalvelu/nettiliittymat/tiedonsiirtoportit-porttiohjaukset/
-# Elisa
-DNS=193.229.0.40 193.229.0.42
-# Saunalahti
-DNS=2001:998:20::20 2001:998:20::40
-DNS=195.74.0.47 195.197.54.100
-# vim: filetype=systemd
--- a/etc/systemd/resolved.conf.d/README.md
+++ b/etc/systemd/resolved.conf.d/README.md
@ -33,20 +33,10 @@ sudo systemctl restart systemd-resolved
  there truly is no local resolver, systemd-resolved will detect that and act accordingly.)
  - To rephrase, this is to be used together with other files, especially
    some of those beginning with `10-dot-`.
- `05-do53-dna-moi.conf` - DNS servers used by DNA and Moi (who is on DNA's
-  network and owned by them)
- `05-do53-elisa.conf` - DNS servers used by Elisa and apparently their
-  Saunalahti still exists here as well.
 - `10-dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS.
  At least one of these should be used in addition to `00-defaults.conf`
 - `98-local-resolver.conf` attempts to configure localhost resolver and
-  disables unnecessary features for that scenario. The number 10 takes
-  priority over 00 and 05 so if a DNSOverTLS=true is uncommented, it will
-  also apply to the former ones that are unlikely to support it. When
-  numbering the files, I didn't think I would be adding the plaintext DNS
-  servers that I am unlikely to use whenever Unbound is available (and I
-  currently have only one system that has systemd-resolved while not having
-  Unbound and it seems to prefer DoT over my router anyway).
+  disables unnecessary features for that scenario.
 - `99-lan-resolver.conf.sample` when renamed would allow enabling resolvers on
  LAN assuming they are trusted. Note that if used together with
  `98-local-resolver.conf`, DNSSEC would be disabled.
--- a/etc/unbound/unbound.conf.d/cache.conf
+++ b/etc/unbound/unbound.conf.d/cache.conf
@ -16,10 +16,7 @@ server:
 	# https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/
 	# dares setting the minimum cache to something between 40 minute and 60,
 	# so how about 50 minutes? However it predates RFC 8767.
-	#cache-min-ttl: 3000
-	# Why not just make it hour directly, while that is considered as a
-	# maximum reasonableish value?
-	cache-min-ttl: 3600
+	cache-min-ttl: 3000
 	# Update cache for popular items before they expire. ~10 % traffic
 	# increase according to `man unbound.conf`
 	prefetch: yes
--- a/etc/unbound/unbound.conf.d/ecs.conf
+++ b/etc/unbound/unbound.conf.d/ecs.conf
@ -1,5 +0,0 @@
-server:
-client-subnet-zone: "."
-client-subnet-always-forward: yes
-max-client-subnet-ipv6: "16"
-max-client-subnet-ipv4: "48"