/named.conf
Created Apr 2, 2018
Unbound/BIND config for DNS over TLS to 1.1.1.1
| options { | |
| directory "/tmp"; | |
| listen-on-v6 { none; }; | |
| forwarders { | |
| 127.0.0.1 port 2053; | |
| }; | |
| auth-nxdomain no; # conform to RFC1035 | |
| notify yes; # notify slave server(s) | |
| }; |
| forward-zone: | |
| name: "." | |
| forward-addr: 1.1.1.1@853 # Cloudflare primary | |
| forward-addr: 1.0.0.1@853 # Cloudflare secondary | |
| forward-addr: 9.9.9.9@853 # quad9.net primary | |
| forward-addr: 149.112.112.112@853 # quad9.net secondary | |
| forward-ssl-upstream: yes |
| do-tcp: yes | |
| prefetch: yes | |
| qname-minimisation: yes | |
| rrset-roundrobin: yes | |
| use-caps-for-id: yes | |
| do-ip6: no | |
| do-not-query-localhost: no #leftover from using Unbound in front of BIND | |
| port: 2053 |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
da2x
commented
Jun 3, 2018
|
You're not verifying the certificates of the forwarders with this setup. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You're not verifying the certificates of the forwarders with this setup.