Commit d3c7fa1a authored by soup6020's avatar soup6020
Browse files

Initial Unbound tutorial bringup

parent 5ee963ae
......@@ -42,6 +42,14 @@ This part of guide is only for people who already have an OpenWrt router up and
- Just follow the instructions in OpenWrt/README.md.
- Optional, for people who didn't trust with wifi check bypass: edit lines with `nintendo.net` and `nintendowifi.net`, replace `95.216.149.205` with your own IP (if you intend to make the service accessible outside of your home network use your public IP, if not use your private IP)
## Unbound
This part of guide is only for people who chose to go with Unbound. Please do not follow this section if you chose to use BIND9 or dnsmasq, thank you!
- Download the `Unbound/90dns.conf` file from this repo, and the sample unbound.conf from the same folder.
- Put these files into your Unbound config folder (on Linux, this is `/etc/unbound/`)
- Tweak unbound.conf to your liking (make sure to keep the line saying `include: /etc/unbound/90dns.conf` if nothing else)
- Start and enable unbound (`# systemctl enable --now unbound.service`)
### Web Server (only if you chose to not trust me with wifi check bypass)
#### nginx
......
local-zone: "0.0.0.0" redirect
local-data: "0.0.0.0 A 0.0.0.0"
local-zone: "nintendo.com" redirect
local-data: "nintendo.com A 0.0.0.0"
local-zone: "nintendo.net" redirect
local-data: "nintendo.net A 0.0.0.0"
local-zone: "nintendo.jp" redirect
local-data: "nintendo.jp A 0.0.0.0"
local-zone: "nintendo.co.jp" redirect
local-data: "nintendo.co.jp A 0.0.0.0"
local-zone: "nintendo.co.uk" redirect
local-data: "nintendo.co.uk A 0.0.0.0"
local-zone: "nintendo-europe.com" redirect
local-data: "nintendo-europe.com A 0.0.0.0"
local-zone: "nintendowifi.net" redirect
local-data: "nintendowifi.net A 0.0.0.0"
local-zone: "conntest.nintendowifi.net" redirect
local-data: "conntest.nintendowifi.net A 95.216.149.205"
local-zone: "ctest.cdn.nintendo.net" redirect
local-data: "ctest.cdn.nintendo.net A 95.216.149.205"
local-zone: "90dns.test" redirect
local-data: "90dns.test A 95.216.149.205"
local-zone: "nintendo.es" redirect
local-data: "nintendo.es A 0.0.0.0"
local-zone: "nintendo.co.kr" redirect
local-data: "nintendo.co.kr A 0.0.0.0"
local-zone: "nintendo.tw" redirect
local-data: "nintendo.tw A 0.0.0.0"
local-zone: "nintendo.com.hk" redirect
local-data: "nintendo.com.hk A 0.0.0.0"
local-zone: "nintendo.com.au" redirect
local-data: "nintendo.com.au A 0.0.0.0"
local-zone: "nintendo.co.nz" redirect
local-data: "nintendo.co.nz A 0.0.0.0"
local-zone: "nintendo.at" redirect
local-data: "nintendo.at A 0.0.0.0"
local-zone: "nintendo.be" redirect
local-data: "nintendo.be A 0.0.0.0"
local-zone: "nintendods.cz" redirect
local-data: "nintendods.cz A 0.0.0.0"
local-zone: "nintendo.dk" redirect
local-data: "nintendo.dk A 0.0.0.0"
local-zone: "nintendo.de" redirect
local-data: "nintendo.de A 0.0.0.0"
local-zone: "nintendo.fi" redirect
local-data: "nintendo.fi A 0.0.0.0"
local-zone: "nintendo.fr" redirect
local-data: "nintendo.fr A 0.0.0.0"
local-zone: "nintendo.gr" redirect
local-data: "nintendo.gr A 0.0.0.0"
local-zone: "nintendo.hu" redirect
local-data: "nintendo.hu A 0.0.0.0"
local-zone: "nintendo.it" redirect
local-data: "nintendo.it A 0.0.0.0"
local-zone: "nintendo.nl" redirect
local-data: "nintendo.nl A 0.0.0.0"
local-zone: "nintendo.no" redirect
local-data: "nintendo.no A 0.0.0.0"
local-zone: "nintendo.pt" redirect
local-data: "nintendo.pt A 0.0.0.0"
local-zone: "nintendo.ru" redirect
local-data: "nintendo.ru A 0.0.0.0"
local-zone: "nintendo.se" redirect
local-data: "nintendo.se A 0.0.0.0"
local-zone: "nintendo.co.za" redirect
local-data: "nintendo.co.za A 0.0.0.0"
local-zone: "nintendo.ch" redirect
local-data: "nintendo.ch A 0.0.0.0"
server:
include: /etc/unbound/90dns.conf
access-control: 10.0.0.0/8 allow
access-control: 127.0.0.0/8 allow
access-control: 192.168.0.1/16 allow
aggressive-nsec: yes
cache-max-ttl: 14400
cache-min-ttl: 300
port: 53
daemonize: no
hide-identity: yes
hide-version: yes
interface: 0.0.0.0
minimal-responses: yes
prefetch: yes
qname-minimisation: yes
rrset-roundrobin: yes
# tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
use-caps-for-id: yes
verbosity: 1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment