Re: unbound

From: Dave Cottlehuber <dch_at_skunkwerks.at>
Date: Wed, 31 May 2023 08:20:11 UTC

On Tue, 30 May 2023, at 20:30, Dag-Erling Smørgrav wrote:
> "Dave Cottlehuber" <dch@skunkwerks.at> writes:
>> https://support.quad9.net/hc/en-us/articles/7200715305997-DNS-over-TLS-FreeBSD-with-local-unbound
>> has a full config on their site, which can be summarised as defaults +
>
> This is bad advice, please see this instead:
>
> https://blog.des.no/2018/10/dns-over-tls-in-freebsd-12/
>
> (just replace the cloudflare addresses with quad9 addresses)
>
> DES
> -- 
> Dag-Erling Smørgrav - des@FreeBSD.org

Thanks DES for a better solution, TIL.

I'll see if we can persuade quad9 to update their docs.

local_unbound_enable=YES
local_unbound_tls=YES
local_unbound_forwarders="9.9.9.9@853#quad9.net 149.112.112.112@853#quad9.net"

Running that (for IPv4 config only) yields:

forward-zone:
	name: .
	forward-tls-upstream: yes
	forward-addr: 9.9.9.9@853#quad9.net
	forward-addr: 149.112.112.112@853#quad9.net

A+
Dave
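
Added example, not part of the original message or of FreeBSD/unbound: a POSIX sh check that a generated forward-zone block has the form shown above, i.e. forward-tls-upstream set to yes and every forward-addr written as address@853#name. The function name, the sample variables and the choice to require an explicit @853 are assumptions of this sketch; it handles a single forward-zone block.

```shell
#!/bin/sh
# Added example (not from the thread): audit one unbound forward-zone block
# for the DNS-over-TLS form shown above. Reads config on stdin, prints one
# finding per line, returns 1 if there is any finding.
check_dot_forwarders() {
    awk '
    {
        sub(/^[ \t]*#.*$/, "")        # whole-line comment
        sub(/[ \t]+#.*$/, "")         # trailing comment; keeps addr#name intact
        gsub(/^[ \t]+|[ \t]+$/, "")
        i = index($0, ":")            # first colon only, so IPv6 values survive
        if (i == 0) next
        key = substr($0, 1, i - 1)
        val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "forward-tls-upstream") tls = (val == "yes")
        else if (key == "forward-addr") addrs[++n] = val
    }
    END {
        if (!tls) { print "forward-tls-upstream is not yes: TLS is off for this zone"; bad = 1 }
        if (n == 0) { print "no forward-addr entries found"; bad = 1 }
        for (j = 1; j <= n; j++) {
            a = addrs[j]
            h = index(a, "#")
            name = (h > 0) ? substr(a, h + 1) : ""
            hostport = (h > 0) ? substr(a, 1, h - 1) : a
            p = index(hostport, "@")
            port = (p > 0) ? substr(hostport, p + 1) : ""
            if (port != "853") { print a ": port is not given as @853"; bad = 1 }
            if (name == "") { print a ": no #name, so the server certificate name is not checked"; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample inputs: the block from the message, and a weakened variant.
GOOD_SAMPLE='forward-zone:
    name: .
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#quad9.net
    forward-addr: 149.112.112.112@853#quad9.net'
BAD_SAMPLE='forward-zone:
    name: .
    forward-addr: 9.9.9.9
    forward-addr: 149.112.112.112@853'

printf '%s\n' "$GOOD_SAMPLE" | check_dot_forwarders && echo "sample config: OK"
```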