🔨 Improve Stubby config

stubby/stubby.yml

@@ -39,11 +39,11 @@ edns_client_subnet_private : 1
 # Sets how stubby distributes queries across name servers. 
 # Set to 1 to instruct stubby to distribute queries across all available name
 # servers - this will use multiple simultaneous connections which can give
-# better performance is most (but not all) cases.
+# better performance in most (but not all) cases.
 # Set to 0 to treat the upstreams below as an ordered list and use a single
 # upstream until it becomes unavailable, then use the next one.
 #
-round_robin_upstreams: 0
+round_robin_upstreams: 1
 
 # EDNS0 option for keepalive idle timeout in ms as specified in
 # https://tools.ietf.org/html/rfc7828
@@ -111,11 +111,45 @@ upstream_recursive_servers:
   - address_data: 1.0.0.1
     tls_auth_name: "cloudflare-dns.com"
 
+## Google
+#  - address_data: 8.8.8.8
+#    tls_auth_name: "dns.google"
+#  - address_data: 8.8.4.4
+#    tls_auth_name: "dns.google"
+
+## getdnsapi.net
+#  - address_data: 185.49.141.37
+#    tls_auth_name: "getdnsapi.net"
+
+## Surfnet
+#  - address_data: 145.100.185.15
+#    tls_auth_name: "dnsovertls.sinodun.com"
+#  - address_data: 145.100.185.16
+#    tls_auth_name: "dnsovertls1.sinodun.com"
+
 ## Quad 9 'secure' service - Filters, does DNSSEC, doesn't send ECS
-#   - address_data: 9.9.9.9
-#     tls_auth_name: "dns.quad9.net"
-#   - address_data: 149.112.112.112
-#     tls_auth_name: "dns.quad9.net"
+#  - address_data: 9.9.9.9
+#    tls_auth_name: "dns.quad9.net"
+#  - address_data: 149.112.112.112
+#    tls_auth_name: "dns.quad9.net"
+
+## CleanBrowsing Security Filter
+#  - address_data: 185.228.168.168
+#    tls_auth_name: "security-filter-dns.cleanbrowsing.org"
+#  - address_data: 185.228.169.168
+#    tls_auth_name: "security-filter-dns.cleanbrowsing.org"
+
+## CleanBrowsing Adult Filter
+#  - address_data: 185.228.168.10
+#    tls_auth_name: "adult-filter-dns.cleanbrowsing.org"
+#  - address_data: 185.228.169.11
+#    tls_auth_name: "adult-filter-dns.cleanbrowsing.org"
+
+## CleanBrowsing Family Filter
+#  - address_data: 185.228.168.168
+#    tls_auth_name: "family-filter-dns.cleanbrowsing.org"
+#  - address_data: 85.228.169.168
+#    tls_auth_name: "family-filter-dns.cleanbrowsing.org"
 
 ####### IPv6 addresses ######
 ## Cloudflare servers
@@ -124,6 +158,40 @@ upstream_recursive_servers:
   - address_data: 2606:4700:4700::1001
     tls_auth_name: "cloudflare-dns.com"
 
+## Google
+#  - address_data: 2001:4860:4860::8888
+#    tls_auth_name: "dns.google"
+#  - address_data: 2001:4860:4860::8844
+#    tls_auth_name: "dns.google"
+
+## getdnsapi.net
+#  - address_data: 2a04:b900:0:100::37
+#    tls_auth_name: "getdnsapi.net"
+
+## Surfnet
+#  - address_data: 2001:610:1:40ba:145:100:185:15
+#    tls_auth_name: "dnsovertls.sinodun.com"
+#  - address_data: 2001:610:1:40ba:145:100:185:16
+#    tls_auth_name: "nsovertls1.sinodun.com"
+
 ## Quad 9 'secure' service - Filters, does DNSSEC, doesn't send ECS
-#   - address_data: 2620:fe::fe
-#     tls_auth_name: "dns.quad9.net"
+#  - address_data: 2620:fe::fe
+#    tls_auth_name: "dns.quad9.net"
+
+## CleanBrowsing Security Filter
+#  - address_data: 2a0d:2a00:1::2
+#    tls_auth_name: "security-filter-dns.cleanbrowsing.org"
+#  - address_data: 2a0d:2a00:2::2
+#    tls_auth_name: "security-filter-dns.cleanbrowsing.org"
+
+## CleanBrowsing Adult Filter
+#  - address_data: 2a0d:2a00:1::1
+#    tls_auth_name: "adult-filter-dns.cleanbrowsing.org"
+#  - address_data: 2a0d:2a00:2::1
+#    tls_auth_name: "adult-filter-dns.cleanbrowsing.org"
+
+## CleanBrowsing Family Filter
+#  - address_data: 2a0d:2a00:1::
+#    tls_auth_name: "family-filter-dns.cleanbrowsing.org"
+#  - address_data: 2a0d:2a00:2::
+#    tls_auth_name: "family-filter-dns.cleanbrowsing.org"