Unbound/BIND config for DNS over TLS to 1.1.1.1
options {
    directory "/tmp";
    listen-on-v6 { none; };
    forwarders {
        127.0.0.1 port 2053;    # hand every query to the local Unbound on port 2053
    };
    auth-nxdomain no;    # conform to RFC1035
    notify yes;          # notify slave server(s)
};

forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853          # Cloudflare primary
    forward-addr: 1.0.0.1@853          # Cloudflare secondary
    forward-addr: 9.9.9.9@853          # quad9.net primary
    forward-addr: 149.112.112.112@853  # quad9.net secondary
    forward-ssl-upstream: yes

# The options below are global and must sit in a server: clause;
# inside forward-zone: Unbound rejects them as a syntax error.
server:
    do-tcp: yes
    prefetch: yes
    qname-minimisation: yes
    rrset-roundrobin: yes
    use-caps-for-id: yes
    do-ip6: no
    do-not-query-localhost: no  # leftover from using Unbound in front of BIND
    port: 2053
@da2x


da2x commented Jun 3, 2018

You're not verifying the certificates of the forwarders with this setup.
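An added check, not part of the gist or of either commenter's post: a small Python audit that parses an Unbound config, finds forward-zones that use TLS, and reports the two things Unbound needs before it can verify a forwarder's certificate, a CA bundle (`tls-cert-bundle` or `tls-system-cert` in the `server:` clause) and an auth name after the address (`forward-addr: 1.1.1.1@853#hostname`). Both sample configs are constructed for this example; the CA bundle path is the Debian/Ubuntu location and is an assumption, and the auth names are the TLS hostnames Cloudflare and Quad9 publish for their resolvers. The comment-stripping rule is a simplification of Unbound's lexer.

```python
import re

# Constructed sample: the gist's forward-zone as posted. Queries are encrypted,
# but with no CA bundle and no auth name the certificate is never checked.
WEAK_CONF = """\
server:
    do-tcp: yes
forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853 # Cloudflare primary
    forward-addr: 9.9.9.9@853 # quad9.net primary
    forward-ssl-upstream: yes
"""

# Constructed sample: the same zone with certificate verification enabled.
# The bundle path is an assumption (Debian/Ubuntu layout); adjust for your system.
HARDENED_CONF = """\
server:
    do-tcp: yes
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-tls-upstream: yes
"""

# Old and current spelling of the option that turns on TLS to forwarders.
TLS_UPSTREAM_KEYS = {"forward-ssl-upstream", "forward-tls-upstream"}


def parse_unbound(text):
    """Return a list of (clause_name, [(key, value), ...]) in file order.

    A '#' glued to a forward address is the TLS auth name, not a comment, so a
    comment is stripped only when '#' starts the line or follows whitespace.
    """
    clauses = []
    current = None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        if line.endswith(":"):  # clause header such as "server:" or "forward-zone:"
            current = (line[:-1], [])
            clauses.append(current)
            continue
        if current is None:
            raise ValueError(f"option outside any clause: {line!r}")
        key, _, value = line.partition(":")
        current[1].append((key.strip(), value.strip()))
    return clauses


def audit_tls_forwarders(text):
    """Return human-readable findings; an empty list means every TLS
    forward-zone has what it needs to verify the upstream certificate."""
    clauses = parse_unbound(text)
    server_opts = dict(kv for name, opts in clauses if name == "server" for kv in opts)
    has_ca = bool(server_opts.get("tls-cert-bundle")) or server_opts.get("tls-system-cert") == "yes"
    findings = []
    for name, opts in clauses:
        if name != "forward-zone":
            continue
        zone = dict(opts).get("name", "?")
        uses_tls = any(k in TLS_UPSTREAM_KEYS and v == "yes" for k, v in opts)
        if not uses_tls:
            continue
        if not has_ca:
            findings.append(f"zone {zone}: TLS upstream but no tls-cert-bundle in server: clause")
        for k, v in opts:
            if k == "forward-addr" and "#" not in v:
                findings.append(f"zone {zone}: {v} has no #auth-name, certificate hostname is not checked")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_tls_forwarders(conf) or ["ok"])
```

Run against the gist's zone it reports the missing bundle once and one missing auth name per forwarder; the hardened variant reports nothing. Without both settings Unbound still completes the TLS handshake, so a forwarder swap on the path goes unnoticed.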

@TryAztec


TryAztec commented Mar 14, 2019

server:
    do-tcp: yes
    prefetch: yes
    qname-minimisation: yes
    rrset-roundrobin: yes
    use-caps-for-id: yes
    do-ip6: no
    do-not-query-localhost: no  # leftover from using Unbound in front of BIND
    port: 2053
