server: # Debian ca-certificates location #tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt # Fedora location #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem # Use system certificates no matter where they are tls-system-cert: yes # Quad9 says pointless performance impact on forwarders. # https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization qname-minimisation: no # This list is for my travel laptop to have at least one DoT443 server # which seems to be applied-privacy.net. They advice having multiple DoT servers # for redundancy and as they don't filter, it's best I use other non-filtering ones. forward-zone: name: "." forward-tls-upstream: yes # https://appliedprivacy.net/services/dns/ - Vienna, Austria forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net forward-addr: 146.255.56.98@443#dot1.applied-privacy.net # https://www.dns0.eu/open https://www.dns0.eu/network - French based. Private ECS forward-addr: 193.110.81.254@853#open.dns0.eu forward-addr: 185.253.5.254@853#open.dns0.eu forward-addr: 2a0f:fc80::ffff@853#open.dns0.eu forward-addr: 2a0f:fc81::ffff@853#open.dns0.eu # Adguard DNS Unfiltered Anycast. Malta based. Private ECS. forward-addr: 2a10:50c0::1:ff@853#unfiltered.adguard-dns.com forward-addr: 2a10:50c0::2:ff@853#unfiltered.adguard-dns.com forward-addr: 94.140.14.140@853#unfiltered.adguard-dns.com forward-addr: 94.140.14.141@853#unfiltered.adguard-dns.com # vim: filetype=unbound.conf