

soft:unbound

Unbound dns resolver

My Unbound configuration, which focuses on security and on some privacy from my ISP by forwarding all queries to Cloudflare and Quad9 using DNS over TLS.

/etc/unbound/unbound.conf
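# Unbound as a LAN resolver that forwards every query to public resolvers
# over DNS over TLS (port 853).
server:
  verbosity: 1
  use-syslog: yes

  # Listen on every IPv4 and IPv6 address. Who may actually query is decided
  # by the access-control lines below (anything not listed is refused by
  # default). If this host has an Internet-facing interface, also filter
  # port 53 there or bind only the LAN address.
  interface: 0.0.0.0
  interface: ::
  access-control: 192.168.31.0/24 allow
  access-control: 127.0.0.0/8 allow
  access-control: ::1/128 allow

  # Do not answer id.server / version.bind style queries.
  hide-identity: yes
  hide-version: yes
  # Leave optional authority/additional records out of answers.
  minimal-responses: yes
  # Refresh popular cache entries shortly before they expire.
  prefetch: yes
  # Send upstream only as much of the query name as is needed.
  qname-minimisation: yes
  rrset-roundrobin: yes
  # Cap cached TTLs at 4 hours.
  cache-max-ttl: 14400
  # cache-min-ttl: 600
  do-tcp: yes
  do-udp: yes
  # 0x20 case randomisation of query names as an anti-spoofing measure.
  use-caps-for-id: yes

  # CA bundle used to verify the certificates of the DoT upstreams below.
  # Without it (and without the "#name" part on each forward-addr) the TLS
  # session is encrypted but the server is NOT authenticated, so an on-path
  # attacker could impersonate the upstream resolver.
  # The path is the Debian/Ubuntu location; adjust it for other systems.
  # Needs an Unbound release that supports tls-cert-bundle.
  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

  # NOTE(review): no DNSSEC trust anchor is set in this file. Validation only
  # happens if one is configured elsewhere (e.g. a distribution include file)
  # -- confirm, or set it explicitly:
  # auto-trust-anchor-file: "<path-to-root.key>"

  # static dns entries (for internal dns)
  # local-zone: "in.philpep.org." static
  # local-data: "aldo.in.philpep.org IN A 192.168.31.254"
  # local-data-ptr: "192.168.31.254 aldo.in.philpep.org"
  # [...]

forward-zone:
  # Forward the whole namespace; nothing is resolved recursively.
  name: "."
  # Use TLS towards the forwarders.
  forward-ssl-upstream: yes
  # Syntax: address@port#name -- the name after '#' is the hostname the
  # upstream certificate must match (checked against tls-cert-bundle).
  forward-addr: 1.1.1.1@853#cloudflare-dns.com     # cloudflare primary
  forward-addr: 1.0.0.1@853#cloudflare-dns.com     # cloudflare secondary
  forward-addr: 9.9.9.9@853#dns.quad9.net          # quad9.net primary
  forward-addr: 149.112.112.112@853#dns.quad9.net  # quad9.net secondary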
soft/unbound.txt · Last modified: 2019/07/14 21:51 by phil