{ enable = true; localControlSocketPath = "/run/unbound/unbound.ctl"; settings = { server = { cache-max-ttl = 14400; cache-min-ttl = 1200; aggressive-nsec = true; prefetch = false; rrset-roundrobin = true; use-caps-for-id = true; do-ip6 = false; hide-identity = true; hide-version = true; do-not-query-localhost = false; tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; }; # fritz.box stub zone stub-zone = { name = "fritz.box"; stub-addr = "192.168.178.1"; }; # DNS over DLS forwarding forward-zone = { name = "."; forward-tls-upstream = true; forward-addr = [ "5.1.66.255@853#dot.ffmuc.net" "185.150.99.255@853#dot.ffmuc.net" "145.100.185.18@853#dnsovertls3.sinodun.com" "89.233.43.71@853#unicast.censurfridns.dk" "94.130.110.185@853#ns1.dnsprivacy.at" "2001:678:e68:f000::@853#dot.ffmuc.net" "2001:678:ed0:f000::@853#dot.ffmuc.net" "2001:610:1:40ba:145:100:185:18@853#dnsovertls3.sinodun.com" "2a01:3a0:53:53::0@853#unicast.censurfridns.dk" "2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at" "2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at" "2001:610:1:40ba:145:100:185:15@853#dnsovertls.sinodun.com" "2001:610:1:40ba:145:100:185:16@853#dnsovertls1.sinodun.com" "2a04:b900:0:100::38@853#getdnsapi.net" "145.100.185.15@853#dnsovertls.sinodun.com" "145.100.185.16@853#dnsovertls1.sinodun.com" "185.49.141.37@853#getdnsapi.net" ]; }; }; }