Dotfiles from time before I knew the word dotfiles, but the name has stuck.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

120 lines
4.8KB

  1. # NOTE! Requires Unbound 1.7.3 or newer! Debian 9 has 1.6.0
  2. # Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
  3. #
  4. # NOTE! You might also be interested in cache.conf, ipv6.conf and
  5. # threads.conf
  6. # You should already have qname-minimisation.conf and
  7. # root-auto-trust-anchor-file.conf at least on Debian.
  8. server:
  9. # Debian ca-certificates location
  10. tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
  11. # ctrl.blog says this is the Fedora location
  12. #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  13. # Forward queries to
  14. forward-zone:
  15. name: "."
  16. forward-tls-upstream: yes
  17. ## DNS-over-TLS on port 443, no filtering
  18. # https://appliedprivacy.net/services/dns/ - Vienna, Austria
  19. forward-addr: 37.252.185.232@443#dot1.appliedprivacy.net
  20. # https://dnswarden.com/ - Germany
  21. forward-addr: 2a01:4f8:1c1c:5e77::1@443#uncensored-dot.dnswarden.com
  22. forward-addr: 2a01:4f8:1c1c:75b4::1@443#uncensored-dot.dnswarden.com
  23. forward-addr: 116.203.35.255@443#uncensored-dot.dnswarden.com
  24. forward-addr: 116.203.70.156@443#uncensored-dot.dnswarden.com
  25. ## DNS-over-TLS on port 853, no filtering
  26. # CZ.NIC https://www.nic.cz/odvr/
  27. forward-addr: 2001:148f:ffff::1@853#odvr.nic.cz
  28. forward-addr: 2001:148f:fffe::1@853#odvr.nic.cz
  29. forward-addr: 193.17.47.1@853#odvr.nic.cz
  30. forward-addr: 185.43.135.1@853#odvr.nic.cz
  31. # Lelux.fi Luxembourg
  32. forward-addr: 2605:6400:30:f891::1@853#resolver2.lelux.fi
  33. forward-addr: 104.244.79.229@853#resolver2.lelux.fi
  34. # NixNet.xyz, Anycast
  35. forward-addr: 198.251.90.114@853#uncensored.any.dns.nixnet.xyz
  36. # Snopyta.org, Finland
  37. forward-addr: 2a01:4f9:2a:1919::9301@853#fi.dot.dns.snopyta.org
  38. forward-addr: 95.216.24.230@853#fi.dot.dns.snopyta.org
  39. # uncensoreddns.org / censurfridns.dk - Anycast (Copenhagen?)
  40. forward-addr: 2001:67c:28a4::@853#anycast.censurfridns.dk
  41. forward-addr: 91.239.100.100@853#anycast.censurfridns.dk
  42. # Cloudflare DNS - anycast
  43. # warning: for-profit business (and too big in my opinion), USA based
  44. # my conscience demands me to comment it due to their thread to
  45. # decentralization
  46. #forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
  47. #forward-addr: 1.1.1.1@853#cloudflare-dns.com
  48. #forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
  49. #forward-addr: 1.0.0.1@853#cloudflare-dns.com
  50. # https://securedns.eu/ - The Netherlands
  51. forward-addr: 2a03:b0c0:0:1010::e9a:3001@853#dot.securedns.eu
  52. forward-addr: 146.185.167.43@853#dot.securedns.eu
  53. ## Malicious domain filtering
  54. # Quad9 - warning: uncommenting others simultaneously will break
  55. # malicious domain blocking. - Anycast, USA based
  56. forward-addr: 2620:fe::fe@853#dns.quad9.net
  57. forward-addr: 9.9.9.9@853#dns.quad9.net
  58. forward-addr: 2620:fe::9@853#dns.quad9.net
  59. forward-addr: 149.112.112.112@853#dns.quad9.net
  60. # AdBlocking DNS
  61. # AdGuard DNS - warning: for-profit business which task is to lie (to
  62. # block ads) - anycast (Cyprus based)
  63. #forward-addr: 176.103.130.130@853#dns.adguard.com
  64. #forward-addr: 176.103.130.131@853#dns.adguard.com
  65. # BlahDNS.com - uncommented due to 443, so even with blocked queries
  66. # something might work on a restricted network
  67. # Germany
  68. forward-addr: 2a01:4f8:1c1c:6b4b::1@443#dot-de.blahdns.com
  69. forward-addr: 159.69.198.101@443#dot-de.blahdns.com
  70. # Yggdrasil
  71. forward-addr: 201:742c:871d:24ef:c850:e1ff:41c7:12bc@443#dot-de.blahdns.com
  72. # Finland
  73. forward-addr: 2a01:4f9:c010:43ce::1@443#dot-fi.blahdns.com
  74. forward-addr: 95.216.212.177@443#dot-fi.blahdns.com
  75. # Yggdrasil
  76. forward-addr: 200:37c8:cf4:4453:3692:5b98:c2db:9065@443#dot-fi.blahdns.com
  77. # Japan
  78. forward-addr: 2001:19f0:7001:1ded:5400:01ff:fe90:945b@443#dot-jp.blahdns.com
  79. forward-addr: 108.61.201.119@443#dot-jp.blahdns.com
  80. # Yggdrasil
  81. forward-addr: 202:f97c:46c8:d7b4:71f1:7e8b:2e64:353d@443#dot-jp.blahdns.com
  82. # dnswarden.com - Germany
  83. # note: short blacklist
  84. #forward-addr: 2a01:4f8:1c1c:5e77::1@443#adblock-dot.dnswarden.com
  85. #forward-addr: 2a01:4f8:1c1c:75b4::1@443#adblock-dot.dnswarden.com
  86. #forward-addr: 116.203.35.255@443#adblock-dot.dnswarden.com
  87. #forward-addr: 116.203.70.156@443#adblock-dot.dnswarden.com
  88. # https://securedns.eu/ - The Netherlands
  89. #forward-addr: 2a03:b0c0:0:1010::e9a:3001@853#ads-dot.securedns.eu
  90. #forward-addr: 146.185.167.43@853#ads-dot.securedns.eu
  91. ## Hopefully in the future
  92. # DNS.WATCH (German) - PROBLEM: NO DOT AS OF 2019-07-22 but in hope
  93. # they will have it I am leaving these here.
  94. #forward-addr: 2001:1608:10:25::1c04:b12f@853#resolver1.dns.watch
  95. #forward-addr: 2001:1608:10:25::9249:d69b@853#resolver2.dns.watch
  96. #forward-addr: 84.200.69.80@853#resolver1.dns.watch
  97. #forward-addr: 84.200.70.40@853#resolver2.dns.watch