37 lines
1.4 KiB
Plaintext
37 lines
1.4 KiB
Plaintext
server:
|
|
# Debian ca-certificates location
|
|
#tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
|
|
# ctrl.blog says this is the Fedora location
|
|
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
|
# Use system certificates no matter where they are
|
|
tls-system-cert: yes
|
|
# Quad9 says pointless performance impact on forwarders.
|
|
# https://docs.quad9.net/Quad9_For_Organizations/DNS_Forwarder_Best_Practices/#disable-qname-minimization
|
|
qname-minimisation: no
|
|
|
|
forward-zone:
|
|
name: "."
|
|
forward-tls-upstream: yes
|
|
## Secure
|
|
#forward-addr: 2620:fe::fe@853#dns.quad9.net
|
|
#forward-addr: 9.9.9.9@853#dns.quad9.net
|
|
#forward-addr: 2620:fe::9@853#dns.quad9.net
|
|
#forward-addr: 149.112.112.112@853#dns.quad9.net
|
|
## No Threat Blocking
|
|
#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
|
|
#forward-addr: 149.112.112.10@853#dns10.quad9.net
|
|
#forward-addr: 2620:fe::10@853#dns10.quad9.net
|
|
#forward-addr: 9.9.9.10@853#dns10.quad9.net
|
|
## Secure + ECS
|
|
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
|
|
forward-addr: 9.9.9.11@853#dns11.quad9.net
|
|
forward-addr: 2620:fe::11@853#dns11.quad9.net
|
|
forward-addr: 149.112.112.11@853#dns11.quad9.net
|
|
## No Threat Blocking + ECS
|
|
#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
|
|
#forward-addr: 9.9.9.12@853#dns12.quad9.net
|
|
#forward-addr: 2620:fe::12@853#dns12.quad9.net
|
|
#forward-addr: 149.112.112.12@853#dns12.quad9.net
|
|
|
|
# vim: filetype=unbound.conf
|