nixos-servers/services/ns/resolver.nix

45 lines
1.0 KiB
Nix
Raw Permalink Normal View History

2024-03-11 17:23:01 +00:00
{ pkgs, ... }: {
networking.firewall.allowedTCPPorts = [
53
];
networking.firewall.allowedUDPPorts = [
53
];
services.unbound = {
enable = true;
settings = {
server = {
access-control = [
"127.0.0.0/8 allow"
"0.0.0.0/0 allow"
];
local-zone = "home.2rjus.net nodefault";
domain-insecure = "home.2rjus.net";
2024-03-11 17:23:01 +00:00
interface = "0.0.0.0";
do-not-query-localhost = "no";
port = "53";
do-ip4 = "yes";
do-ip6 = "no";
do-udp = "yes";
do-tcp = "yes";
};
stub-zone = {
name = "home.2rjus.net";
2024-03-11 17:23:01 +00:00
stub-addr = "127.0.0.1@8053";
};
forward-zone = {
name = ".";
forward-tls-upstream = "yes";
2024-06-27 19:19:11 +00:00
# forward-addr = "1.1.1.1@853#cloudflare-dns.com";
forward-addr = [
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
"8.8.8.8@853#dns.google"
"8.8.4.4@853#dns.google"
];
2024-03-11 17:23:01 +00:00
};
};
};
}