From de33269452bb415e5b2e3acfb9504b66562db7a9 Mon Sep 17 00:00:00 2001
From: eichehome
Date: Fri, 25 Feb 2022 18:30:15 +0100
Subject: [PATCH] =?UTF-8?q?Unverschl=C3=BCsselter=20CoreDNS-Server=20first?= =?UTF-8?q?=20config?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CoreDNS/Corefile | 99 +++++++++++++++++++++++++++++++-----------------
 1 file changed, 64 insertions(+), 35 deletions(-)
diff --git a/CoreDNS/Corefile b/CoreDNS/Corefile
index 401a03e..5ac0c9f 100644
--- a/CoreDNS/Corefile
+++ b/CoreDNS/Corefile
@@ -1,53 +1,82 @@ -tls -sign -file/root -loadbalance -forward -bind -loop - dns://.:53 { - bind eth0 - loadbalance round_robin - forward . 127.0.0.1:5051 127.0.0.1:5052 + forward . 5.1.66.255:53 [2001:678:e68:f000::]:53 185.150.99.255 [2001:678:ed0:f000::]:53 91.239.100.100 [2001:67c:28a4::]:53 89.233.43.71 [2a01:3a0:53:53::]:53 { + prefer_udp + policy round_robin + } + cache { + success 5000 + denial 2500 + } } +dns://.:5353 { + forward . 127.0.0.1:5051 127.0.0.1:5052 127.0.0.1:5053 127.0.0.1:5054 127.0.0.1:5055 127.0.0.1:5056 127.0.0.1:5057 { + policy round_robin + } + cache { + success 5000 + denial 2500 + } +} + +tls://.:853 {} + +https://.:443 {} + +########## + 127.0.0.1:5051 { - forward . tls://8.8.8.8 tls://8.8.4.4 { - tls_servername dns.google + forward . tls://[2a01:4f8:251:554::2] tls://5.9.164.112 { + tls_servername dns3.digitalcourage.de + prefer_udp + policy round_robin } } 127.0.0.1:5052 { - forward . 1.1.1.1 1.0.0.1 { - tls_servername cloudflare-dns.com + forward . tls://5.1.66.255 tls://185.150.99.255 tls://[2001:678:ed0:f000::] tls://[2001:678:e68:f000::] { + tls_servername dot.ffmuc.net + prefer_udp + policy round_robin } } - - -tls://.:853 { - tls cert.pem key.pem ca.pem +127.0.0.1:5053 { + forward . tls://185.95.218.43 tls://185.95.218.42 tls://[2a05:fc84::43] tls://[2a05:fc84::42] { + tls_servername dns.digitale-gesellschaft.ch + prefer_udp + policy round_robin + } } -https://.:443 { - tls cert.pem key.pem ca.pem +127.0.0.1:5054 { + forward . tls://89.233.43.71 tls://[2a01:3a0:53:53::] { + tls_servername unicast.censurfridns.dk + prefer_udp + policy round_robin + } } -. { - bind eth0 - loop - loadbalance round_robin - forward . 8.8.8.8 9.9.9.9 - forward . tls://9.9.9.9 { - tls_servername dns.quad9.net - health_check 5s +127.0.0.1:5055 { + forward . 
tls://91.239.100.100 tls://[2001:67c:28a4::] { + tls_servername anycast.censurfridns.dk + prefer_udp + policy round_robin } - cache 30 - hosts { - 10.0.0.1 example.org - falltrough +} + +127.0.0.1:5056 { + forward . tls://91.239.100.100 tls://[2001:67c:28a4::] { + tls_servername anycast.uncensoreddns.org + prefer_udp + policy round_robin + } +} + +127.0.0.1:5057 { + forward . tls://89.233.43.71 tls://[2a01:3a0:53:53::] { + tls_servername unicast.uncensoreddns.org + prefer_udp + policy round_robin } - hosts - hosts /etc/hosts example.org } \ No newline at end of file
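Review bot: The `tls://.:853 {}` and `https://.:443 {}` blocks are left empty on the new side: the `tls cert.pem key.pem ca.pem` line the old file carried is removed and no `forward` is configured, so the DoT and DoH ports are opened with no certificate and nothing to answer from. To my knowledge CoreDNS does not reject such a block and serves the port without TLS when the `tls` plugin is absent, which would present plaintext DNS on ports clients expect to be encrypted; please confirm against the deployed version. Either drop both blocks until certificates exist, or restore the `tls` line and add `forward . 127.0.0.1:5353` to each. Separately, `dns://.:53` loses `bind eth0` and has no `acl`, so the caching forwarder answers on every interface and becomes an open resolver if the host is reachable from outside the LAN; keep `bind eth0` or add an `acl` block that allows only the local networks. `loop` is also removed even though `dns://.:5353` now forwards to seven local listeners, so a mis-pointed upstream would no longer be detected at startup.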