Skip to content

Instantly share code, notes, and snippets.

@cpswan cpswan/named.conf

Last active Jan 2, 2020
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Unbound/BIND config for DNS over TLS to 1.1.1.1
Raw
named.conf
options {
directory "/tmp";
listen-on-v6 { none; };
forwarders {
127.0.0.1 port 2053;
};
auth-nxdomain no; # conform to RFC1035
notify yes; # notify slave server(s)
};
Raw
unbound_ext.conf
forward-zone:
name: "."
forward-addr: 217.169.20.22@853#dns.aa.net.uk
forward-addr: 1.1.1.1@853#1dot1dot1dot1.cloudflare-dns.com
forward-addr: 1.0.0.1@853#1dot1dot1dot1.cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#rpz-public-resolver1.rrdns.pch.net
forward-ssl-upstream: yes
Raw
unbound_srv.conf
do-tcp: yes
prefetch: yes
qname-minimisation: yes
rrset-roundrobin: yes
use-caps-for-id: yes
do-ip6: no
do-not-query-localhost: no #leftover from using Unbound in front of BIND
port: 2053
@da2x

This comment has been minimized.

Sign in to view
Copy link

da2x commented Jun 3, 2018

You're not verifying the certificates of the forwarders with this setup.
@TryAztec

This comment has been minimized.

Sign in to view
Copy link

TryAztec commented Mar 14, 2019

server: do-tcp: yes prefetch: yes qname-minimisation: yes rrset-roundrobin: yes use-caps-for-id: yes do-ip6: no do-not-query-localhost: no #leftover from using Unbound in front of BIND port: 2053
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.