rc: add a sample curlrc

dnsproxy: remove --user that doesn't apply anymore
dnsproxy.service: convert to system service
2025-08-17 20:07:20 +02:00 · 2023-02-23 17:15:52 +02:00 · 2023-02-23 14:31:48 +02:00 · 2023-02-23 14:25:12 +02:00 · 2023-02-23 13:54:11 +02:00 · 2023-02-23 13:52:48 +02:00
7 changed files with 71 additions and 1 deletions
--- a/Windows/DoH/DohWellKnownServers.reg
+++ b/Windows/DoH/DohWellKnownServers.reg
@ -50,6 +50,30 @@ Windows Registry Editor Version 5.00
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\185.253.5.9]
 "Template"="https://zero.dns0.eu"

+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\193.110.81.254]
+"Template"="https://open.dns0.eu"
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\185.253.5.254]
+"Template"="https://open.dns0.eu"
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\2a0f:fc80::ffff]
+"Template"="https://open.dns0.eu"
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\2a0f:fc81::ffff]
+"Template"="https://open.dns0.eu"
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\193.110.81.1]
+"Template"="https://kids.dns0.eu"
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\185.253.5.1]
+"Template"="https://kids.dns0.eu"
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\2a0f:fc80::1]
+"Template"="https://kids.dns0.eu"
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\2a0f:fc81::1]
+"Template"="https://kids.dns0.eu"
+
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers\193.19.108.2]
 "Template"="https://doh.mullvad.net/dns-query"

--- a/Windows/DoH/README.md
+++ b/Windows/DoH/README.md
@ -10,7 +10,10 @@ Requires Windows 11.
  that Windows 11 isn't shipping by default, currently:
  - Adguard
  - Cloudflare antimalware
-  - DNS0 (& Zero)
+  - DNS0 standard
+    - Zero
+    - Open
+    - Kids
  - Mullvad
  - Mullvad Adblock
  - Quad9 ECS (Windows 11 defaults include Quad9 default)
--- a/conf/sway/config.d/autostart-utilities.conf
+++ b/conf/sway/config.d/autostart-utilities.conf
@ -16,6 +16,7 @@ exec --no-startup-id foot
 exec --no-startup-id foot --title=htop htop
 # In similar series system and service logs
 exec --no-startup-id foot --title=system\ journal journalctl -f
+exec --no-startup-id foot --title=user\ journal journalctl -f --user
 exec --no-startup-id foot --title=iwd\ log journalctl -u iwd -f
 exec --no-startup-id foot --title=unbound\ log journalctl -u unbound -f
 exec --no-startup-id foot --title=chronyd\ log journalctl -u chronyd -f
--- a/etc/systemd/resolved.conf.d/dot-dns0-open.conf
+++ b/etc/systemd/resolved.conf.d/dot-dns0-open.conf
@ -0,0 +1,8 @@
+[Resolve]
+DNS=193.110.81.254#open.dns0.eu
+DNS=185.253.5.254#open.dns0.eu
+DNS=2a0f:fc80::ffff#open.dns0.eu
+DNS=2a0f:fc81::ffff#open.dns0.eu
+Domains=~.
+DNSOverTLS=yes
+Cache=yes
--- a/etc/systemd/system/dnsproxy.service
+++ b/etc/systemd/system/dnsproxy.service
@ -0,0 +1,19 @@
+# https://github.com/AdguardTeam/dnsproxy
+[Unit]
+Description=DNS over HTTPS resolver
+# /etc/resolv.conf -> unbound -> dnsproxy
+After=network-online.target
+
+[Service]
+Type=simple
+# -v is verbose output, journalctl -u dnsproxy
+# 127.0.2.1@53 comes from https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/unbound/unbound.conf.d/dnscrypt-proxy.conf
+# and it's not a privileged port https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/sysctl.d/23-starts-unprivileged-ports.conf
+# The DoH server is self-explanatory, bootstrap is Quad9 with ECS
+ExecStart=/usr/local/bin/dnsproxy -v -l 127.0.2.1 -p 53 -u https://dns0.eu/ -b 149.112.112.11:53 -b 9.9.9.11:53 -b [2620:fe::11]:53 -b [2620:fe::fe:11]:53 --http3
+Restart=always
+RestartSec=5s
+User=unbound
+
+[Install]
+WantedBy=multi-user.target
--- a/etc/unbound/unbound.conf.d/dot-dns0-open.conf
+++ b/etc/unbound/unbound.conf.d/dot-dns0-open.conf
@ -0,0 +1,13 @@
+server:
+	# Debian ca-certificates location
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	# ctrl.blog says this is the Fedora location
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+	forward-addr: 193.110.81.254@853#open.dns0.eu
+	forward-addr: 185.253.5.254@853#open.dns0.eu
+	forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
+	forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
--- a/rc/curlrc
+++ b/rc/curlrc
@ -0,0 +1,2 @@
+# ~/.curlrc
+doh-url = https://dns0.eu
Author	SHA1	Message	Date
Aminda Suomalainen	e51fcdd146	rc: add a sample curlrc	2023-02-23 17:15:52 +02:00
Aminda Suomalainen	0cfb5859ad	dnsproxy: remove --user that doesn't apply anymore	2023-02-23 14:31:48 +02:00
Aminda Suomalainen	4761b94331	dnsproxy.service: convert to system service	2023-02-23 14:25:12 +02:00
Aminda Suomalainen	25386dd8e3	sway/config.d/autostart-utilities: add user journalctl	2023-02-23 13:54:11 +02:00
Aminda Suomalainen	7239409083	conf/systemd/user: add dnsproxy.service	2023-02-23 13:52:48 +02:00
Aminda Suomalainen	6f1335aff1	Windows/DoH: add DNS0 Kids On the off chance I ever need it on Windows as this is the most painful file to edit in my opinion	2023-02-23 10:16:36 +02:00
Aminda Suomalainen	d1e3c79fdb	Windows/DoH: add DNS0 open	2023-02-23 10:13:33 +02:00
Aminda Suomalainen	9bdc67dd29	unbound & systmed-resolved: add DNS0 open Ref: #153	2023-02-23 10:11:03 +02:00