Compare commits
4 Commits
b248392e8a
...
1a1bf9adb9
Author | SHA1 | Date |
---|---|---|
Aminda Suomalainen | 1a1bf9adb9 | |
Aminda Suomalainen | b3eb6e06e7 | |
Aminda Suomalainen | 47e51ee38b | |
Aminda Suomalainen | 39f2eb4f0f |
|
@ -112,8 +112,9 @@ pref("reader.parse-on-load.force-enabled", true);
|
|||
//pref("network.trr.mode", 2);
|
||||
defaultPref("network.trr.mode", 3);
|
||||
pref("network.trr.early-AAAA", true);
|
||||
defaultPref("network.trr.uri", "https://dns0.eu");
|
||||
//pref("network.trr.uri", "https://dns.adguard-dns.com/dns-query");
|
||||
//defaultPref("network.trr.uri", "https://dns0.eu");
|
||||
defaultPref("network.trr.uri"), "https://dns11.quad9.net/dns-query");
|
||||
//defaultPref("network.trr.uri", "https://dns.adguard-dns.com/dns-query");
|
||||
// NOTE: ECH requires TRR, so mode 2 may not use it.
|
||||
defaultPref("network.trr.disable-ECS", false);
|
||||
pref("network.dns.echconfig.enabled", true);
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
"DNSOverHTTPS": {
|
||||
"Enabled": true,
|
||||
"Locked": false,
|
||||
"ProviderURL": "https://dns0.eu"
|
||||
"ProviderURL": "https://dns11.quad9.net/dns-query"
|
||||
},
|
||||
"DisablePocket": false,
|
||||
"EnableTrackingProtection": {
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
- [`disable-brave-vpn.json`](#disable-brave-vpnjson)
|
||||
- [`disable-floc.json`](#disable-flocjson)
|
||||
- [`disable-incognito.json`](#disable-incognitojson)
|
||||
- [`doh-cloudflare-secure.json`](#doh-cloudflare-securejson)
|
||||
- [`doh-allowed.json`](#doh-allowedjson)
|
||||
- [`doh-dns0.json`](#doh-dns0json)
|
||||
- [`doh-forced.json`](#doh-forcedjson)
|
||||
|
@ -233,6 +234,10 @@ Disables floc or ad topics that are against privacy.
|
|||
|
||||
Disables incognito mode. I don't recommend this.
|
||||
|
||||
## `doh-cloudflare-secure.json`
|
||||
|
||||
Sets Cloudflare with malware protection as the DNS-over-HTTPS server.
|
||||
|
||||
## `doh-allowed.json`
|
||||
|
||||
If no DNS over HTTPS policy is used, this unlocks the setting while still allowing downgrade to system DNS
|
||||
|
@ -240,6 +245,8 @@ If no DNS over HTTPS policy is used, this unlocks the setting while still allowi
|
|||
|
||||
Incompatible with `doh-forced.json`. This must be used together with any other `doh-*.json` file, but only one of them.
|
||||
|
||||
**_No ECH._**
|
||||
|
||||
## `doh-dns0.json`
|
||||
|
||||
Simply enables DNS-over-HTTPS with DNS0.eu.
|
||||
|
@ -250,6 +257,8 @@ Enforces use of DNS-over-HTTPS disabling the downgrade.
|
|||
|
||||
Incompatible with `doh-allowed.json`. Use this together with any other `doh-*.json` file, but only one of them.
|
||||
|
||||
**_Required for ECH._**
|
||||
|
||||
## `doh-mullvad-base.json`
|
||||
|
||||
Enables DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
"DnsOverHttpsTemplates": "https://security.cloudflare-dns.com/dns-query"
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
conf.d
|
|
@ -0,0 +1 @@
|
|||
unbound.conf.d
|
|
@ -35,3 +35,5 @@ forward-zone:
|
|||
name: "http.badssl.com"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -23,3 +23,5 @@ server:
|
|||
# Allow expired results to be served if they are in cache. The cache will
|
||||
# get updated the next time.
|
||||
serve-expired: yes
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -4,3 +4,5 @@ server:
|
|||
# The following line will configure unbound to perform cryptographic
|
||||
# DNSSEC validation using the root trust anchor.
|
||||
auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -32,3 +32,5 @@ forward-zone:
|
|||
forward-addr: 2a10:50c0::2:ff@853#unfiltered.adguard-dns.com
|
||||
forward-addr: 94.140.14.140@853#unfiltered.adguard-dns.com
|
||||
forward-addr: 94.140.14.141@853#unfiltered.adguard-dns.com
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -27,3 +27,5 @@ forward-zone:
|
|||
# Cloudflare for 64:ff9b::/96
|
||||
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -3,3 +3,5 @@ do-not-query-localhost: no
|
|||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: 127.0.2.1@53
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -18,3 +18,5 @@ forward-zone:
|
|||
forward-addr: 94.140.15.15@853#dns.adguard.com
|
||||
|
||||
# Updated for https://adguard.com/en/blog/adguard-dns-new-addresses.html
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -56,3 +56,5 @@ forward-zone:
|
|||
#forward-addr: 9.9.9.12@853#dns12.quad9.net
|
||||
#forward-addr: 2620:fe::12@853#dns12.quad9.net
|
||||
#forward-addr: 149.112.112.12@853#dns12.quad9.net
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -27,3 +27,5 @@ forward-zone:
|
|||
# forward-addr: 193.110.81.9@853#zero.dns0.eu
|
||||
# forward-addr: 2a0f:fc81::9@853#zero.dns0.eu
|
||||
# forward-addr: 185.253.5.9@853#zero.dns0.eu
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -29,3 +29,5 @@ forward-zone:
|
|||
forward-addr: 8.8.4.4@853#dns.google
|
||||
forward-addr: 2001:4860:4860::8888@853#dns.google
|
||||
forward-addr: 2001:4860:4860::8844@853#dns.google
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -32,3 +32,5 @@ forward-zone:
|
|||
#forward-addr: 9.9.9.12@853#dns12.quad9.net
|
||||
#forward-addr: 2620:fe::12@853#dns12.quad9.net
|
||||
#forward-addr: 149.112.112.12@853#dns12.quad9.net
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -4,3 +4,5 @@ server:
|
|||
local-zone: "local." static
|
||||
local-zone: "internal." static
|
||||
local-zone: "invalid." static
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -8,3 +8,5 @@ server:
|
|||
verbosity: 2
|
||||
# Print statistics to the log hourly
|
||||
statistics-interval: 3600
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -16,3 +16,5 @@ forward-zone:
|
|||
forward-addr: 2a0f:fc81::ffff
|
||||
forward-addr: 193.110.81.254
|
||||
forward-addr: 185.253.5.254
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -18,3 +18,5 @@ forward-zone:
|
|||
# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
|
||||
#forward-addr: 2001:4860:4860::6464
|
||||
#forward-addr: 2001:4860:4860::64
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
server:
|
||||
# Prefer IPv6 transport for sending DNS queries to internet nameservers.
|
||||
prefer-ip6: yes
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -2,3 +2,5 @@ server:
|
|||
# Use two threads, I think more than 1 threads will help with Firefox
|
||||
# at times telling name resolution failed
|
||||
num-threads: 2
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -23,3 +23,5 @@ control-key-file: "/etc/unbound/unbound_control.key"
|
|||
|
||||
# unbound-control certificate file.
|
||||
control-cert-file: "/etc/unbound/unbound_control.pem"
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
Loading…
Reference in New Issue