server: # Debian ca-certificates location #tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt # ctrl.blog says this is the Fedora location #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem # Use system certificates no matter where they are tls-system-cert: yes # Quad9 says pointless performance impact on forwarders. # https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization qname-minimisation: no # Private ECS is more accurate with IPv4 than IPv6. prefer-ip4: yes prefer-ip6: no forward-zone: name: "." forward-tls-upstream: yes forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com forward-addr: 94.140.14.14@853#dns.adguard.com forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com forward-addr: 94.140.15.15@853#dns.adguard.com # Updated for https://adguard.com/en/blog/adguard-dns-new-addresses.html # vim: filetype=unbound.conf