-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path70-adblock.conf
More file actions
40 lines (32 loc) · 1.3 KB
/
70-adblock.conf
File metadata and controls
40 lines (32 loc) · 1.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# /etc/systemd/resolved.conf.d/70-adblock.conf
# systemd-resolved configuration for localhost adblock
# Copyright 2024 (c) Brady Etz, https://github.com/b-etz/systemd-adblock
#
# systemd-resolved defaults can be restored by deleting this drop-in.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.
[Resolve]
# Use these rules for any domain query
Domains=~.
# Use Quad9 as the default upstream resolver, and Cloudflare otherwise
DNS= 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
FallbackDNS=1.1.1.2#cloudflare-dns.com 1.0.0.2#cloudflare-dns.com 2606:4700:4700::1112#cloudflare-dns.com 2606:4700:4700::1002#cloudflare-dns.com
# Unnecessary features for a typical workstation
LLMNR=false
MulticastDNS=false
# Force DNSSEC and DoT whenever systemd-resolved is used
DNSSEC=true
DNSOverTLS=yes
# Cache responses, but avoid duplicate cache entries
Cache=yes
CacheFromLocalhost=no
# Listen to localhost at 127.0.0.53 and 127.0.0.54
DNSStubListener=yes
# Resolve hosts in /etc/hosts before querying upstream
ReadEtcHosts=yes
# Don't try to resolve private single-label names
ResolveUnicastSingleLabel=false
# Return stale responses up to one hour if DNS servers are unreachable
StaleRetentionSec=3600