# NOTE: Read dns-over-tls.conf! This is only for IPv6-only hosts which
# are currently rare. And this is more of a placeholder.

server:
	# Debian ca-certificates location
	#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
	# Fedora
	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
	# Use system certificates no matter where they are
	tls-system-cert: yes
	# Quad9 says pointless performance impact on forwarders.
	# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
	qname-minimisation: no

# Forward queries to
forward-zone:
	name: "."
	forward-tls-upstream: yes

	# Google DNS64 for 64:ff9b::/96
	# As of 2019-08-25 this doesn't seem to actually be working, but I hope
	# Google will fix it by the time I actually have IPv6 only hosts and
	# there will be not-Google options.
	#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
	#forward-addr: 2001:4860:4860::64@853#dns64.dns.google

	# Cloudflare for 64:ff9b::/96
	forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
	forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com

# vim: filetype=unbound.conf