From 61d189d64f06258cd4892e34a0a50f3c93a457cd Mon Sep 17 00:00:00 2001 From: Matthew Vance Date: Sat, 15 Aug 2020 08:35:41 -0500 Subject: [PATCH] :hammer: Improve Stubby config --- stubby/stubby.yml | 84 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 76 insertions(+), 8 deletions(-) diff --git a/stubby/stubby.yml b/stubby/stubby.yml index 2f65c53..d8edae8 100644 --- a/stubby/stubby.yml +++ b/stubby/stubby.yml @@ -39,11 +39,11 @@ edns_client_subnet_private : 1 # Sets how stubby distributes queries across name servers. # Set to 1 to instruct stubby to distribute queries across all available name # servers - this will use multiple simultaneous connections which can give -# better performance is most (but not all) cases. +# better performance in most (but not all) cases. # Set to 0 to treat the upstreams below as an ordered list and use a single # upstream until it becomes unavailable, then use the next one. # -round_robin_upstreams: 0 +round_robin_upstreams: 1 # EDNS0 option for keepalive idle timeout in ms as specified in # https://tools.ietf.org/html/rfc7828 @@ -111,11 +111,45 @@ upstream_recursive_servers: - address_data: 1.0.0.1 tls_auth_name: "cloudflare-dns.com" +## Google +# - address_data: 8.8.8.8 +# tls_auth_name: "dns.google" +# - address_data: 8.8.4.4 +# tls_auth_name: "dns.google" + +## getdnsapi.net +# - address_data: 185.49.141.37 +# tls_auth_name: "getdnsapi.net" + +## Surfnet +# - address_data: 145.100.185.15 +# tls_auth_name: "dnsovertls.sinodun.com" +# - address_data: 145.100.185.16 +# tls_auth_name: "dnsovertls1.sinodun.com" + ## Quad 9 'secure' service - Filters, does DNSSEC, doesn't send ECS -# - address_data: 9.9.9.9 -# tls_auth_name: "dns.quad9.net" -# - address_data: 149.112.112.112 -# tls_auth_name: "dns.quad9.net" +# - address_data: 9.9.9.9 +# tls_auth_name: "dns.quad9.net" +# - address_data: 149.112.112.112 +# tls_auth_name: "dns.quad9.net" + +## CleanBrowsing Security Filter +# - address_data: 185.228.168.168 +# tls_auth_name: "security-filter-dns.cleanbrowsing.org" +# - address_data: 185.228.169.168 +# tls_auth_name: "security-filter-dns.cleanbrowsing.org" + +## CleanBrowsing Adult Filter +# - address_data: 185.228.168.10 +# tls_auth_name: "adult-filter-dns.cleanbrowsing.org" +# - address_data: 185.228.169.11 +# tls_auth_name: "adult-filter-dns.cleanbrowsing.org" + +## CleanBrowsing Family Filter +# - address_data: 185.228.168.168 +# tls_auth_name: "family-filter-dns.cleanbrowsing.org" +# - address_data: 85.228.169.168 +# tls_auth_name: "family-filter-dns.cleanbrowsing.org" ####### IPv6 addresses ###### ## Cloudflare servers @@ -124,6 +158,40 @@ upstream_recursive_servers: - address_data: 2606:4700:4700::1001 tls_auth_name: "cloudflare-dns.com" +## Google +# - address_data: 2001:4860:4860::8888 +# tls_auth_name: "dns.google" +# - address_data: 2001:4860:4860::8844 +# tls_auth_name: "dns.google" + +## getdnsapi.net +# - address_data: 2a04:b900:0:100::37 +# tls_auth_name: "getdnsapi.net" + +## Surfnet +# - address_data: 2001:610:1:40ba:145:100:185:15 +# tls_auth_name: "dnsovertls.sinodun.com" +# - address_data: 2001:610:1:40ba:145:100:185:16 +# tls_auth_name: "nsovertls1.sinodun.com" + ## Quad 9 'secure' service - Filters, does DNSSEC, doesn't send ECS -# - address_data: 2620:fe::fe -# tls_auth_name: "dns.quad9.net" +# - address_data: 2620:fe::fe +# tls_auth_name: "dns.quad9.net" + +## CleanBrowsing Security Filter +# - address_data: 2a0d:2a00:1::2 +# tls_auth_name: "security-filter-dns.cleanbrowsing.org" +# - address_data: 2a0d:2a00:2::2 +# tls_auth_name: "security-filter-dns.cleanbrowsing.org" + +## CleanBrowsing Adult Filter +# - address_data: 2a0d:2a00:1::1 +# tls_auth_name: "adult-filter-dns.cleanbrowsing.org" +# - address_data: 2a0d:2a00:2::1 +# tls_auth_name: "adult-filter-dns.cleanbrowsing.org" + +## CleanBrowsing Family Filter +# - address_data: 2a0d:2a00:1:: +# tls_auth_name: "family-filter-dns.cleanbrowsing.org" +# - address_data: 2a0d:2a00:2:: +# tls_auth_name: "family-filter-dns.cleanbrowsing.org" \ No newline at end of file