
4 Commits

7 changed files with 72 additions and 28 deletions


@ -44,5 +44,6 @@ set -g escape-time 300
# Or for tmux >= 2.6
set -sg escape-time 300
# Turn the clock red. It's the least bad colour especially at night.
setw -g clock-mode-colour red
# Turn the clock yellow. Red would be better at night, but I am used to
# looking at amber in my terminals and thus yellow is less distracting.
setw -g clock-mode-colour yellow


@ -1,4 +1,5 @@
[Resolve]
# Use this together with other files other than 00-only-unbound.conf!
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
#DNSSEC=allow-downgrade
# Regardless of the above DNS breaking issues when DNSSEC is
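Review bot: The new comment on the second line names `00-only-unbound.conf`, but the README section of this same compare lists that file as `00-only-local-resolver.conf` and still ends with "in addition to `00-defaults.conf`". File paths are not shown on this page, so I cannot tell which name is current. The comment and the README should use the same name, because combining the two profiles would mix this file's DNSSEC and DoT settings with the local-resolver file's `DNSSEC=false` / `DNSOverTLS=false`. Suggested wording once the name is settled: `# Use this together with the other files, but never with 00-only-local-resolver.conf!`.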


@ -0,0 +1,12 @@
[Resolve]
# All this is done by Unbound. Don't use other files together with this one.
DNSSEC=false
DNSOverTLS=false
Cache=false
DNS=127.0.0.1
DNS=::1
Domains=~.
# .local domains
MulticastDNS=true
# Microsoft Windows compatibility?
LLMNR=true
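Review bot: `LLMNR=true` at the end of this new file turns on an unauthenticated link-local name protocol, and the question mark in its comment suggests it may not be needed. Any host on the same segment can answer an LLMNR query, so single-label lookups can be spoofed on untrusted networks even though all other resolution goes through the validating local Unbound. Unless Windows-style name lookup is really required, prefer `LLMNR=false`, or `LLMNR=resolve` if the host only needs to look names up and not answer. The same reasoning applies to `MulticastDNS=true` versus `MulticastDNS=resolve`. A short comment stating that DNSSEC validation and DoT are deliberately delegated to Unbound on loopback would also explain why `DNSSEC=false` and `DNSOverTLS=false` are safe here.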


@ -26,9 +26,15 @@ sudo systemctl restart systemd-resolved
## Files explained
- `00-defaults.conf` - configuration that should be used everywhere.
- `00-no-local-resolver.conf` - configuration that should be used everywhere.
Enables DNSSEC (regardless of systemd-resolved not handling it properly),
enables opportunistic DoT, caching and local DNS servers.
enables opportunistic DoT, caching and local DNS servers (because they
should exist anyway as I don't trust systemd-resolved entirely. Anyway if
there truly is no local resolver, systemd-resolved will detect that and act accordingly.)
- To rephrase, this is sto be used together with other files, especially
some of those beginning with `dot-`.
- `00-only-local-resolver.conf` - for when there is known local resolver.
**_Don't combine this with the other files._**
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
captive portals are a concern, `DNSOverTLS=opportunistic`. At least one of these
should be used in addition to `00-defaults.conf`


@ -1,7 +1,12 @@
[Resolve]
# Secure
#DNS=2620:fe::9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 9.9.9.9#dns.quad9.net
# ECS
# No Threat Blocking
#DNS=2620:fe::10#dns10.quad9.net 149.112.112.10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net 9.9.9.10#dns10.quad9.net
# Secure + ECS
DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net
# No Threat Blocking + ECS
#DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net
# Uncomment for port 443 resolver
#DNS=[2a02:1b8:10:234::2]:443#dot1.applied-privacy.net 146.255.56.98:443#dot1.applied-privacy.net
#DNSOverTLS=true
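Review bot: The only uncommented `DNS=` line is the one under `# Secure + ECS`, and nothing records that ECS is a privacy trade-off. With ECS the resolver passes part of the client's network prefix on to authoritative servers, which the plain `# Secure` endpoints do not do. The same `dns11.quad9.net` choice is the active set in both Unbound forward-zone sections further down, so the comment belongs in all three places. Something like `# ECS: sends a truncated client subnet upstream for better CDN locality; use the "Secure" set if that is not wanted` would make the choice explicit.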


@ -25,25 +25,34 @@ forward-zone:
forward-addr: 193.110.81.0@853#dns0.eu
forward-addr: 2a0f:fc81::@853#dns0.eu
forward-addr: 185.253.5.0@853#dns0.eu
# # Unfiltered
# forward-addr: 193.110.81.254@853#open.dns0.eu
# forward-addr: 185.253.5.254@853#open.dns0.eu
# forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
# forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
# # Heavier filtering
# forward-addr: 2a0f:fc80::9@853#zero.dns0.eu
# forward-addr: 193.110.81.9@853#zero.dns0.eu
# forward-addr: 2a0f:fc81::9@853#zero.dns0.eu
# forward-addr: 185.253.5.9@853#zero.dns0.eu
## Unfiltered
#forward-addr: 193.110.81.254@853#open.dns0.eu
#forward-addr: 185.253.5.254@853#open.dns0.eu
#forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
#forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu
## Heavier filtering
#forward-addr: 2a0f:fc80::9@853#zero.dns0.eu
#forward-addr: 193.110.81.9@853#zero.dns0.eu
#forward-addr: 2a0f:fc81::9@853#zero.dns0.eu
#forward-addr: 185.253.5.9@853#zero.dns0.eu
## Quad9
## Default
# forward-addr: 2620:fe::fe@853#dns.quad9.net
# forward-addr: 9.9.9.9@853#dns.quad9.net
# forward-addr: 2620:fe::9@853#dns.quad9.net
# forward-addr: 149.112.112.112@853#dns.quad9.net
## ECS
## Secure
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net
## No Threat Blocking
#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
#forward-addr: 149.112.112.10@853#dns10.quad9.net
#forward-addr: 2620:fe::10@853#dns10.quad9.net
#forward-addr: 9.9.9.10@853#dns10.quad9.net
## Secure + ECS
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
forward-addr: 9.9.9.11@853#dns11.quad9.net
forward-addr: 2620:fe::11@853#dns11.quad9.net
forward-addr: 149.112.112.11@853#dns11.quad9.net
## No Threat Blocking + ECS
#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
#forward-addr: 9.9.9.12@853#dns12.quad9.net
#forward-addr: 2620:fe::12@853#dns12.quad9.net
#forward-addr: 149.112.112.12@853#dns12.quad9.net
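Review bot: This forward-zone ends up with two providers active at once: the three `dns0.eu` addresses at the top of the hunk stay uncommented alongside the four `dns11.quad9.net` ones. Their filtering policies may differ, so whether a given name is blocked can depend on which upstream Unbound happens to select for that query. If both are meant to be active for redundancy, a comment such as `## dns0.eu and Quad9 are both active on purpose (failover)` would say so; otherwise one set should be commented out. The forward-zone clause begins above the hunk, so other active `forward-addr` lines may exist that are not visible here.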


@ -12,13 +12,23 @@ server:
forward-zone:
name: "."
forward-tls-upstream: yes
## Default
# forward-addr: 2620:fe::fe@853#dns.quad9.net
# forward-addr: 9.9.9.9@853#dns.quad9.net
# forward-addr: 2620:fe::9@853#dns.quad9.net
# forward-addr: 149.112.112.112@853#dns.quad9.net
## ECS
## Secure
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net
## No Threat Blocking
#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
#forward-addr: 149.112.112.10@853#dns10.quad9.net
#forward-addr: 2620:fe::10@853#dns10.quad9.net
#forward-addr: 9.9.9.10@853#dns10.quad9.net
## Secure + ECS
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
forward-addr: 9.9.9.11@853#dns11.quad9.net
forward-addr: 2620:fe::11@853#dns11.quad9.net
forward-addr: 149.112.112.11@853#dns11.quad9.net
## No Threat Blocking + ECS
#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
#forward-addr: 9.9.9.12@853#dns12.quad9.net
#forward-addr: 2620:fe::12@853#dns12.quad9.net
#forward-addr: 149.112.112.12@853#dns12.quad9.net
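Review bot: `forward-tls-upstream: yes` together with the `#dns11.quad9.net` authentication names only authenticates the upstream if the `server:` clause loads CA certificates, and that clause sits above this hunk and is not visible. Without `tls-cert-bundle` (or the system-store equivalent) Unbound still encrypts but cannot verify the certificate against the name after `#`. Please confirm the setting is present, and consider a comment next to `forward-tls-upstream`, for example `# requires tls-cert-bundle in server: or the #names below are not verified`.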