From 663885a56872b3639a39d8feaa02aa1a5369b1bb Mon Sep 17 00:00:00 2001
From: Dan Church
Date: Tue, 13 Dec 2022 11:28:17 -0600
Subject: [PATCH 1/3] Add IPv6 address of Google's global DNS server

While "dig @8.8.8.8 example.com" gives AAAA records, this feels wrong; we must move move toward using IPv6 only.
---
 dnsmasq.d/01-you-dont-need-pihole.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dnsmasq.d/01-you-dont-need-pihole.conf b/dnsmasq.d/01-you-dont-need-pihole.conf
index aff8213..483a924 100644
--- a/dnsmasq.d/01-you-dont-need-pihole.conf
+++ b/dnsmasq.d/01-you-dont-need-pihole.conf
@@ -44,5 +44,7 @@ no-resolv
 
 # For non-blocked DNS queries, telephone the request thru Google's global DNS
 # server.
+server=2001:4860:4860::8888
+server=2001:4860:4860::8844
 server=8.8.8.8
 server=8.8.4.4
From a8f0b510a36f4b926e45138009c7f85b92f28277 Mon Sep 17 00:00:00 2001
From: Dan Church
Date: Tue, 13 Dec 2022 11:50:44 -0600
Subject: [PATCH 2/3] Add suggested 'bogus-priv', 'domain-needed' options

Also alphabetize options.
---
 dnsmasq.d/01-you-dont-need-pihole.conf | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/dnsmasq.d/01-you-dont-need-pihole.conf b/dnsmasq.d/01-you-dont-need-pihole.conf
index 483a924..3bf4709 100644
--- a/dnsmasq.d/01-you-dont-need-pihole.conf
+++ b/dnsmasq.d/01-you-dont-need-pihole.conf
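Review bot: In the `@@ -44,5 +44,7 @@` hunk of patch 1/3, the two new `server=2001:4860:4860::…` lines sit under a comment that still describes one upstream and says nothing about IPv6 reachability. Listing the IPv6 addresses first does not by itself make dnsmasq prefer them: by default it chooses among all configured upstreams, and whether `strict-order` is set is not visible in this hunk. On a host without a routable IPv6 address these two upstreams are unreachable and resolution quietly depends on the IPv4 pair. I would extend the comment, for example `# IPv6 upstreams need working IPv6 routing on this host; listing order alone does not make dnsmasq prefer them.`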
@@ -11,21 +11,27 @@
 # You may NOT use this software for commercial purposes.
 ###############################################################################
 
-# Do not load /etc/hosts as a dataset for replies. (By default dnsmasq performs
-# an implicit "addn-hosts=/etc/hosts"; this prevents it.)
-no-hosts
-
 # Add our block lists
 addn-hosts=/etc/you-dont-need-pihole/local.list
 addn-hosts=/etc/you-dont-need-pihole/custom.list
 addn-hosts=/etc/you-dont-need-pihole/block.list
 
-# Return answers to DNS queries from /etc/hosts.
-#localise-queries
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
 
 # In-memory cache size.
 cache-size=10000
 
+# Never forward plain names (without a dot or domain part)
+domain-needed
+
+# Do not load /etc/hosts as a dataset for replies. (By default dnsmasq performs
+# an implicit "addn-hosts=/etc/hosts"; this prevents it.)
+no-hosts
+
+# Return answers to DNS queries from /etc/hosts.
+#localise-queries
+
 # Don't log queries - only startup/shutdown messages. (Un-comment this option
 # for debugging.)
 #log-queries
From 934cdd7f035d257bc6fcf3b8ea1dc029604d167f Mon Sep 17 00:00:00 2001
From: Dan Church
Date: Tue, 13 Dec 2022 12:08:42 -0600
Subject: [PATCH 3/3] Use '::' as for the IPv6 blocked address

See https://docs.pi-hole.net/ftldns/blockingmode/
---
 make-block.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/make-block.pl b/make-block.pl
index 1ac0d8a..425eafb 100755
--- a/make-block.pl
+++ b/make-block.pl
@@ -69,7 +69,7 @@ sub read_stripped {
 
 MAIN: {
 my $out;
- my $block_ip = '0.0.0.0 ::1';
+ my $block_ip = '0.0.0.0 ::';
 my $workdir = $FindBin::RealBin;
 
 unless (&GetOptions(
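Review bot: The comment added above `bogus-priv` in the `@@ -11,21 +11,27 @@` hunk of patch 2/3 understates what the option does: it concerns reverse (PTR) lookups for private address ranges, which dnsmasq then answers locally with "no such domain" instead of sending them upstream. That matters here because `no-hosts` stays in effect, so presumably only addresses present in the `addn-hosts` lists (or DHCP leases, if used) will still get a reverse answer. Suggested wording: `# Answer reverse lookups for private address ranges locally instead of forwarding them, so internal addressing is not leaked upstream.`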
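Review bot: The new default `'0.0.0.0 ::'` in the `@@ -69,7 +69,7 @@` hunk of patch 3/3 carries no comment saying why the unspecified address is used, and the reason is security-relevant: the old `::1` pointed every blocked name at the client's own loopback, so a service listening there could receive the request. A line such as `# Unspecified addresses, not loopback: blocked names must not resolve to services on the client itself.` above the assignment would keep someone from changing it back. The value packs two addresses into one space-separated string; how it is split, and whether an override supplied through `GetOptions` is validated as an IP address, lies outside the hunk. The `MAIN` block continues past the last line shown.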