From 7cd35737ba222d2da5079233950dc9a8b8d54ba5 Mon Sep 17 00:00:00 2001 From: Quentin McGaw Date: Sat, 2 May 2020 15:40:40 +0000 Subject: [PATCH] Defaults DOT_IPV6 to off --- Dockerfile | 2 +- README.md | 2 +- docker-compose.yml | 2 +- internal/params/dns.go | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index f8b03bdd..ae073230 100644 --- a/Dockerfile +++ b/Dockerfile @@ -65,7 +65,7 @@ ENV VPNSP="private internet access" \ DOT_VERBOSITY_DETAILS=0 \ DOT_VALIDATION_LOGLEVEL=0 \ DOT_CACHING=on \ - DOT_IPV6=on \ + DOT_IPV6=off \ BLOCK_MALICIOUS=on \ BLOCK_SURVEILLANCE=off \ BLOCK_ADS=off \ diff --git a/README.md b/README.md index 49983650..a2bb3157 100644 --- a/README.md +++ b/README.md @@ -135,7 +135,7 @@ docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io | `DOT` | `on` | | ✅ | ✅ | ✅ | Activate DNS over TLS | `on`, `off` | | `DOT_PROVIDERS` | `cloudflare` | | ✅ | ✅ | ✅ | Comma delimited list of DNS over TLS providers | `cloudflare`, `google`, `quad9`, `quadrant`, `cleanbrowsing`, `securedns`, `libredns` | | `DOT_CACHING` | `on` | | ✅ | ✅ | ✅ | DNS over TLS Unbound caching | `on`, `off` | -| `DOT_IPV6` | `on` | | ✅ | ✅ | ✅ | DNS over TLS IPv6 resolution | `on`, `off` | +| `DOT_IPV6` | `off` | | ✅ | ✅ | ✅ | DNS over TLS IPv6 resolution | `on`, `off` | | `DOT_PRIVATE_ADDRESS` | All private CIDRs ranges | | ✅ | ✅ | ✅ | Comma separated list of CIDRs or single IP addresses Unbound won't resolve to. Note that the default setting prevents DNS rebinding | | | `DOT_VERBOSITY` | `1` | | ✅ | ✅ | ✅ | DNS over TLS Unbound verbosity level | `0`, `1`, `2`, `3`, `4`, `5` | | `DOT_VERBOSITY_DETAILS` | `0` | | ✅ | ✅ | ✅ | Unbound details verbosity level | `0`, `1`, `2`, `3`, `4` | diff --git a/docker-compose.yml b/docker-compose.yml index 89cf73a0..fd698ab7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -41,7 +41,7 @@ services: # DNS over TLS - DOT=on - DOT_PROVIDERS=cloudflare - - DOT_IPV6=on + - DOT_IPV6=off - DOT_VERBOSITY=1 - BLOCK_MALICIOUS=on - BLOCK_SURVEILLANCE=off diff --git a/internal/params/dns.go b/internal/params/dns.go index 57a30d6c..dc17f210 100644 --- a/internal/params/dns.go +++ b/internal/params/dns.go @@ -130,5 +130,5 @@ func (p *reader) GetDNSOverTLSPrivateAddresses() (privateAddresses []string, err // GetDNSOverTLSIPv6 obtains if Unbound should resolve ipv6 addresses using ipv6 DNS over TLS // servers from the environment variable DOT_IPV6 func (p *reader) GetDNSOverTLSIPv6() (ipv6 bool, err error) { - return p.envParams.GetOnOff("DOT_IPV6") + return p.envParams.GetOnOff("DOT_IPV6", libparams.Default("off")) }