server: # Debian ca-certificates location #tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt # Fedora #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem # Use system certificates no matter where they are tls-system-cert: yes # Quad9 says pointless performance impact on forwarders. # https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization qname-minimisation: no forward-zone: name: "." forward-tls-upstream: yes # Default / unfiltered #forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com #forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com #forward-addr: 1.1.1.1@853#cloudflare-dns.com #forward-addr: 1.0.0.1@853#cloudflare-dns.com # Malware blocking forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.com forward-addr: 1.1.1.2@853#security.cloudflare-dns.com forward-addr: 1.0.0.2@853#security.cloudflare-dns.com # Malware and adult content blocking #forward-addr: 2606:4700:4700::1113@853#family.cloudflare-dns.com #forward-addr: 2606:4700:4700::1003@853#family.cloudflare-dns.com #forward-addr: 1.1.1.3@853#family.cloudflare-dns.com #forward-addr: 1.0.0.3@853#family.cloudflare-dns.com # vim: filetype=unbound.conf