Unbound: Difference between revisions
m Style correction |
Resolving issues with example config |
| (One intermediate revision by one other user not shown) | |||
| Line 27: | Line 27: | ||
== DNS forwarder with blocklists == | == DNS forwarder with blocklists == | ||
In this configuration we are using DoT to reach Quad9 and Cloudflare public DNS resolvers, in addition, we are filtering the results with a list that blocks adds and improves privacy and security | In this configuration we are using DoT to reach Quad9 and Cloudflare public DNS resolvers, in addition, we are filtering the results with a list that blocks adds and improves privacy and security (as Pi-hole does). | ||
<syntaxhighlight lang="nixos"> | <syntaxhighlight lang="nixos"> | ||
| Line 37: | Line 37: | ||
interface = [ "192.168.1.2" ]; | interface = [ "192.168.1.2" ]; | ||
# IPs allowed to query | # IPs allowed to query | ||
access-control = [ "192.168.1.0/24" | access-control = [ "192.168.1.0/24 allow" ]; | ||
# Enable RPZ | # Enable RPZ | ||
module | module-config = "'respip validator iterator'"; | ||
}; | }; | ||
| Line 45: | Line 45: | ||
name = "hageziPro"; | name = "hageziPro"; | ||
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt"; | url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt"; | ||
}] | }]; | ||
settings.forward-zone = [{ | settings.forward-zone = [{ | ||
| Line 51: | Line 51: | ||
forward-tls-upstream = true; | forward-tls-upstream = true; | ||
forward-addr = [ | forward-addr = [ | ||
"9.9.9.9@853#dns.quad9.net" | "9.9.9.9@853#dns.quad9.net" | ||
"149.112.112.112@853#dns.quad9.net" | "149.112.112.112@853#dns.quad9.net" | ||
"1.1.1.1@853#cloudflare-dns.com" | "1.1.1.1@853#cloudflare-dns.com" | ||
"1.0.0.1@853#cloudflare-dns.com" | "1.0.0.1@853#cloudflare-dns.com" | ||
] | ]; | ||
}]; | }]; | ||
}; | }; | ||
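Review bot: The RPZ entry in the "Line 45" hunk loads `https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt` from a third-party CDN with no pin. A policy zone can rewrite answers as well as block them, so whoever controls that file or the `@latest` pointer decides what every client in 192.168.1.0/24 resolves. Since this list is only meant to block, I would cap what it can do by adding `rpz-action-override = "nxdomain";` to the same attribute set, so a tampered feed cannot redirect names to other addresses. Adding `rpz-log = true;` beside it would also record which queries the policy zone matched. The list entry opens above the visible lines of that hunk, so confirm it does not already set these.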