server:
	# Debian ca-certificates location
	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
	# Fedora location
	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

# This list is for my travel laptop to have at least one DoT443 server
# which seems to be applied-privacy.net. They advice having multiple DoT servers
# for redundancy and as they don't filter, it's best I use other non-filtering ones.

forward-zone:
	name: "."
	forward-tls-upstream: yes

	# https://appliedprivacy.net/services/dns/ - Vienna, Austria
	forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
	forward-addr: 146.255.56.98@443#dot1.applied-privacy.net

	# https://www.dns0.eu/open https://www.dns0.eu/network - French based. Private ECS
	forward-addr: 193.110.81.254@853#open.dns0.eu
	forward-addr: 185.253.5.254@853#open.dns0.eu
	forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu
	forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu

	# Adguard DNS Unfiltered Anycast. Malta based. Private ECS.
	forward-addr: 2a10:50c0::1:ff@853#unfiltered.adguard-dns.com
	forward-addr: 2a10:50c0::2:ff@853#unfiltered.adguard-dns.com
	forward-addr: 94.140.14.140@853#unfiltered.adguard-dns.com
	forward-addr: 94.140.14.141@853#unfiltered.adguard-dns.com