From d081d0fc4d1ad3191823b10536c29d33ee6ddcd1 Mon Sep 17 00:00:00 2001
From: h-town <29696865+h-town@users.noreply.github.com>
Date: Mon, 5 Aug 2019 06:34:29 -0500
Subject: [PATCH] Revise hard-coded ssl resolver to Cloudflare & Quad9 (#543)
Google (terrible) and OpenDNS (questionable at best) are not ideal for privacy-minded users. Both Cloudflare DNS and Quad9 at least claim to drop logs, each of them have widely-reported response times, and they're sufficiently established with over a year of service.
---
 util/Setup/Templates/NginxConfig.hbs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/Setup/Templates/NginxConfig.hbs b/util/Setup/Templates/NginxConfig.hbs
index 28d733851f..7be6248de4 100644
--- a/util/Setup/Templates/NginxConfig.hbs
+++ b/util/Setup/Templates/NginxConfig.hbs
@@ -43,7 +43,7 @@ server {
 # Verify chain of trust of OCSP response using Root CA and Intermediate certs
 ssl_trusted_certificate {{{CaPath}}};
- resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s;
+ resolver 1.1.1.1 1.0.0.1 9.9.9.9 valid=300s;
 {{/if}}
 include /etc/nginx/security-headers-ssl.conf;
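Review bot: The new `resolver` line still hard-codes third-party public DNS servers into every generated config, so each install sends its OCSP-responder lookups off-host over plain DNS, and stapling stops working wherever egress to those addresses is blocked. nginx's documentation recommends pointing `resolver` at DNS servers on a trusted local network to limit spoofing. Here the stapled response appears to be verified against `ssl_trusted_certificate`, so a forged answer should only cost stapling availability, but that is inferred from the comment above the directive, as no `ssl_stapling_verify` line is visible in the hunk. Consider making the address list a template value with these servers as the default, e.g. `resolver {{{Resolver}}} valid=300s;` (`Resolver` is a suggested new field, not an existing one), and adding a comment such as `# Used only to resolve the OCSP responder for stapling; prefer a local trusted resolver where available`. The `server` block and the `{{#if}}` closed here both start outside the hunk.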