Unbound/BIND config for DNS over TLS to 1.1.1.1
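# BIND: options block
options {
    directory "/tmp";
    listen-on-v6 { none; };
    # Forward all queries to the local Unbound instance on port 2053.
    # BIND defaults to "forward first" and resolves on its own, in cleartext,
    # if the forwarder does not answer; "forward only;" disables that fallback.
    forwarders {
        127.0.0.1 port 2053;
    };
    auth-nxdomain no; # conform to RFC1035
    notify yes; # notify slave server(s)
};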
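# Unbound: listens on port 2053 and forwards everything upstream over TLS
forward-zone:
    name: "."
    # No #auth-name on these addresses and no tls-cert-bundle under server:,
    # so the link is encrypted but the upstream certificate is not verified.
    forward-addr: 1.1.1.1@853 # Cloudflare primary
    forward-addr: 1.0.0.1@853 # Cloudflare secondary
    forward-addr: 9.9.9.9@853 # quad9.net primary
    forward-addr: 149.112.112.112@853 # quad9.net secondary
    forward-ssl-upstream: yes
# The options below are server options and must sit in a server: clause.
server:
    do-tcp: yes
    prefetch: yes
    qname-minimisation: yes
    rrset-roundrobin: yes
    use-caps-for-id: yes
    do-ip6: no
    do-not-query-localhost: no #leftover from using Unbound in front of BIND
    port: 2053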
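
A check for the Unbound forwarders above, added here as an example and not part of the original gist: it flags TLS forward-addr entries without an #auth-name, a missing trust store (tls-cert-bundle, or tls-win-cert on Windows), and server options placed inside forward-zone. The function name, the sample input and the auth name cloudflare-dns.com are assumptions.

```python
import re

# Constructed sample: a forwarder as written in the gist (no auth name)
# beside an authenticated one. The auth name is an assumption.
SAMPLE = """\
server:
    port: 2053
forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853                     # Cloudflare primary
    forward-addr: 1.0.0.1@853#cloudflare-dns.com  # with auth name
    forward-ssl-upstream: yes
    do-tcp: yes
"""

def audit_unbound_dot(text):
    """Return sorted (line, message) findings; line 0 means file-wide."""
    findings, zones, clause, trust = [], [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        # '#' starts a comment only at a token boundary; inside forward-addr
        # it separates the address from the TLS authentication name.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, sep, value = line.partition(":")
        value = value.strip()
        if not sep:
            continue
        if not value:                       # clause header, e.g. "server:"
            clause = key
            if key == "forward-zone":
                zones.append({"tls": False, "addrs": []})
            continue
        value = value.strip('"')
        if clause == "forward-zone":
            if key == "forward-addr":
                zones[-1]["addrs"].append((lineno, value))
            elif key in ("forward-ssl-upstream", "forward-tls-upstream"):
                zones[-1]["tls"] = value == "yes"
            elif key != "name" and not key.startswith("forward-"):
                findings.append((lineno, f"{key}: server option inside forward-zone"))
        elif clause == "server":
            if (key == "tls-cert-bundle" and value) or (key == "tls-win-cert" and value == "yes"):
                trust = True
    tls_zones = [z for z in zones if z["tls"]]
    for zone in tls_zones:
        for lineno, addr in zone["addrs"]:
            if "#" not in addr:
                findings.append((lineno, f"{addr}: no #auth-name, any certificate name is accepted"))
    if tls_zones and not trust:
        findings.append((0, "no tls-cert-bundle: upstream certificates are not verified"))
    return sorted(findings)
```

An empty result for a configuration means every TLS forwarder names the host its certificate must match and the server clause points at a CA bundle to verify it against.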