Compare commits
11 Commits
c90b551ac4
...
44b6e5b618
Author | SHA1 | Date |
---|---|---|
Aminda Suomalainen | 44b6e5b618 | |
Aminda Suomalainen | 945ca0462d | |
Aminda Suomalainen | 06787a38de | |
Aminda Suomalainen | 19b6fbef3c | |
Aminda Suomalainen | aac3ccdec3 | |
Aminda Suomalainen | dc6fc85174 | |
Aminda Suomalainen | fe1970cfd9 | |
Aminda Suomalainen | abd21e008a | |
Aminda Suomalainen | 579e98f27c | |
Aminda Suomalainen | 623a9150fd | |
Aminda Suomalainen | 892feb3c1b |
|
@ -10,7 +10,8 @@
|
|||
"chat.pikaviestin.fi",
|
||||
"webchat.disroot.org",
|
||||
"learn.microsoft.com",
|
||||
"teams.microsoft.com"
|
||||
"teams.microsoft.com",
|
||||
"bittimittari.fi"
|
||||
],
|
||||
"learnInIncognito": true,
|
||||
"learnLocally": true,
|
||||
|
|
|
@ -7,7 +7,8 @@
|
|||
"https://webchat.disroot.org",
|
||||
"https://learn.microsoft.com",
|
||||
"https://teams.microsoft.com",
|
||||
"https://glowing-bear.org/",
|
||||
"https://latest.glowing-bear.org/"
|
||||
"https://glowing-bear.org",
|
||||
"https://latest.glowing-bear.org",
|
||||
"https://bittimittari.fi"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
"IPFSEnabled": false
|
||||
}
|
|
@ -28,6 +28,12 @@ IPv6LinkLocalAddressGenerationMode=stable-privacy
|
|||
#DNS=127.0.0.1
|
||||
#DNS=::1
|
||||
#DNS=8.8.4.4
|
||||
#DNSSEC=true
|
||||
#DNSSEC=allow-downgrade
|
||||
#DNSOverTLS=true
|
||||
#DNSOverTLS=opportunistic
|
||||
# Search domains
|
||||
Domains=.
|
||||
# Enable systemd-timesyncd with `timedatectl set-ntp true`, may be specified
|
||||
# multiple times, but you are using Chrony instead, right?
|
||||
#NTP=fi.pool.ntp.org
|
||||
|
|
|
@ -23,3 +23,10 @@ IPv6LinkLocalAddressGenerationMode=stable-privacy
|
|||
MulticastDNS=true
|
||||
# Windows
|
||||
LLMNR=true
|
||||
# systemd-resolved configuration
|
||||
#DNSSEC=true
|
||||
#DNSSEC=allow-downgrade
|
||||
#DNSOverTLS=true
|
||||
#DNSOverTLS=opportunistic
|
||||
# Search domains
|
||||
Domains=.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
[Resolve]
|
||||
# Use this together with other files other than 00-only-unbound.conf!
|
||||
# Use this together with other files other than 00-only-local-resolver.conf!
|
||||
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
||||
#DNSSEC=allow-downgrade
|
||||
# Regardless of the above DNS breaking issues when DNSSEC is
|
||||
|
@ -8,8 +8,8 @@
|
|||
DNSSEC=true
|
||||
DNSOverTLS=opportunistic
|
||||
Cache=true
|
||||
DNS=127.0.0.1
|
||||
DNS=::1
|
||||
#DNS=127.0.0.1
|
||||
#DNS=::1
|
||||
Domains=~.
|
||||
# .local domains
|
||||
MulticastDNS=true
|
||||
|
|
|
@ -1,35 +0,0 @@
|
|||
# Domains to be sent through plaintext DNS for getting hijacked by devices
|
||||
# that tend to cause headache.
|
||||
# Uses Google DNS, because I don't use it for anything else and don't plan
|
||||
# to for the foreseeable future, so it is easier to spot from logs.
|
||||
# Is it secure? Google likely also knows I have these devices on my network
|
||||
# thanks to Android.
|
||||
|
||||
server:
|
||||
forward-zone:
|
||||
name: "mywifiext.net"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
||||
forward-zone:
|
||||
name: "tplinkrepeater.net"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
||||
forward-zone:
|
||||
name: "router.asus.com"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
||||
forward-zone:
|
||||
name: "norwegianwifi.com"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
||||
# Can I refer to subdomain as a zone?
|
||||
forward-zone:
|
||||
name: "http.badssl.com"
|
||||
forward-tls-upstream: no
|
||||
forward-addr: 8.8.8.8
|
||||
|
||||
# vim: filetype=unbound.conf
|
|
@ -16,3 +16,23 @@ local-zone: "matrix.to." always_refuse
|
|||
# A lot of apps integrating Facebook in any form on mobile call this domain
|
||||
# in particular, likely websites too.
|
||||
local-zone: "graph.facebook.com." always_refuse
|
||||
|
||||
## APPLIANCE/CAPTIVE PORTAL DOMAINS
|
||||
# Search these through host or dig to another server instead!
|
||||
|
||||
# Fritz router/modem default search domain and control panel.
|
||||
local-zone: "fritz.box." always_refuse
|
||||
|
||||
# Netgear
|
||||
local-zone: "mywifiext.net." always_refuse
|
||||
|
||||
# TP-Link
|
||||
local-zone: "tplinkrepeater.net." always_refuse
|
||||
|
||||
# ASUS
|
||||
local-zone: "router.asus.com." always_refuse
|
||||
|
||||
# Norwegian planes
|
||||
local-zone: "norwegianwifi.com." always_refuse
|
||||
|
||||
# vim: filetype=unbound.conf
|
||||
|
|
|
@ -2,69 +2,87 @@
|
|||
# to send queries, even if they are queried by web browser.
|
||||
server:
|
||||
# Quad9 Secure
|
||||
local-zone: "dns.quad9.net." typetransparent
|
||||
local-data: "dns.quad9.net. A 9.9.9.9"
|
||||
local-data: "dns.quad9.net. A 149.112.112.112"
|
||||
local-data: "dns.quad9.net. AAAA 2620:fe::fe"
|
||||
local-data: "dns.quad9.net. AAAA 2620:fe::9"
|
||||
# Quad9 No Threat Blocking
|
||||
local-zone: "dns10.quad9.net." typetransparent
|
||||
local-data: "dns10.quad9.net. A 9.9.9.10"
|
||||
local-data: "dns10.quad9.net. A 149.112.112.10"
|
||||
local-data: "dns10.quad9.net. AAAA 2620:fe::10"
|
||||
local-data: "dns10.quad9.net. AAAA 2620:fe::fe:10"
|
||||
# Quad9 Secure + ECS
|
||||
local-zone: "dns11.quad9.net." typetransparent
|
||||
local-data: "dns11.quad9.net. A 9.9.9.11"
|
||||
local-data: "dns11.quad9.net. A 149.112.112.11"
|
||||
local-data: "dns11.quad9.net. AAAA 2620:fe::11"
|
||||
local-data: "dns11.quad9.net. AAAA 2620:fe::fe:11"
|
||||
# Quad9 No Threat Blocking + ECS
|
||||
local-zone: "dns12.quad9.net." typetransparent
|
||||
local-data: "dns12.quad9.net. A 9.9.9.12"
|
||||
local-data: "dns12.quad9.net. A 149.112.112.12"
|
||||
local-data: "dns12.quad9.net. AAAA 2620:fe::12"
|
||||
local-data: "dns12.quad9.net. AAAA 2620:fe::fe:12"
|
||||
# DNS0 default
|
||||
local-zone: "dns0.eu." typetransparent
|
||||
local-data: "dns0.eu. A 193.110.81.0"
|
||||
local-data: "dns0.eu. A 185.253.5.0"
|
||||
local-data: "dns0.eu. AAAA 2a0f:fc80::"
|
||||
local-data: "dns0.eu. AAAA 2a0f:fc81::"
|
||||
# DNS0 Zero
|
||||
local-zone: "zero.dns0.eu." typetransparent
|
||||
local-data: "zero.dns0.eu. A 193.110.81.9"
|
||||
local-data: "zero.dns0.eu. A 185.253.5.9"
|
||||
local-data: "zero.dns0.eu. AAAA 2a0f:fc80::9"
|
||||
local-data: "zero.dns0.eu. AAAA 2a0f:fc81::9"
|
||||
# DNS0 Kids
|
||||
local-zone: "kids.dns0.eu." typetransparent
|
||||
local-data: "kids.dns0.eu. A 193.110.81.1"
|
||||
local-data: "kids.dns0.eu. A 185.253.5.1"
|
||||
local-data: "kids.dns0.eu. AAAA 2a0f:fc80::1"
|
||||
local-data: "kids.dns0.eu. AAAA 2a0f:fc81::1"
|
||||
# DNS0 Open
|
||||
local-zone: "open.dns0.eu." typetransparent
|
||||
local-data: "open.dns0.eu. A 193.110.81.254"
|
||||
local-data: "open.dns0.eu. A 185.253.5.254"
|
||||
local-data: "open.dns0.eu. AAAA 2a0f:fc80::ffff"
|
||||
local-data: "open.dns0.eu. AAAA 2a0f:fc81::ffff"
|
||||
# Cloudflare
|
||||
local-zone: "cloudflare-dns.com." typetransparent
|
||||
local-data: "cloudflare-dns.com. A 1.1.1.1"
|
||||
local-data: "cloudflare-dns.com. A 1.0.0.1"
|
||||
local-data: "cloudflare-dns.com. AAAA 2606:4700:4700::1111"
|
||||
local-data: "cloudflare-dns.com. AAAA 2606:4700:4700::1001"
|
||||
local-zone: "one.one.one.one." typetransparent
|
||||
local-data: "one.one.one.one. CNAME cloudflare-dns.com."
|
||||
# Cloudflare Malware blocking
|
||||
local-zone: "security.cloudflare-dns.com." typetransparent
|
||||
local-data: "security.cloudflare-dns.com. A 1.1.1.2"
|
||||
local-data: "security.cloudflare-dns.com. A 1.0.0.2"
|
||||
local-data: "security.cloudflare-dns.com. AAAA 2606:4700:4700::1112"
|
||||
local-data: "security.cloudflare-dns.com. AAAA 2606:4700:4700::1002"
|
||||
# Mullvad ad, tracker & malware block
|
||||
local-zone: "base.dns.mullvad.net." typetransparent
|
||||
local-data: "base.dns.mullvad.net. A 194.242.2.4"
|
||||
local-data: "base.dns.mullvad.net. AAAA 2a07:e340::4"
|
||||
# AdGuard Default
|
||||
local-zone: "dns.adguard-dns.com." typetransparent
|
||||
local-data: "dns.adguard-dns.com. A 94.140.14.14"
|
||||
local-data: "dns.adguard-dns.com. A 94.140.15.15"
|
||||
local-data: "dns.adguard-dns.com. AAAA 2a10:50c0::ad1:ff"
|
||||
local-data: "dns.adguard-dns.com. AAAA 2a10:50c0::ad2:ff"
|
||||
# Google DNS
|
||||
local-zone: "dns.google." typetransparent
|
||||
local-data: "dns.google. A 8.8.8.8"
|
||||
local-data: "dns.google. A 8.8.4.4"
|
||||
local-data: "dns.google. AAAA 2001:4860:4860::8888"
|
||||
local-data: "dns.google. AAAA 2001:4860:4860::8844"
|
||||
local-zone: "dns.google.com." typetransparent
|
||||
local-data: "dns.google.com. CNAME dns.google."
|
||||
# Google DNS64
|
||||
local-zone: "dns64.dns.google." typetransparent
|
||||
local-data: "dns64.dns.google. AAAA 2001:4860:4860::6464"
|
||||
local-data: "dns64.dns.google. AAAA 2001:4860:4860::64"
|
||||
|
||||
|
|
Loading…
Reference in New Issue