Add recursive dns server to router

2022-01-02 16:39:27 +01:00 · 2022-01-02 16:39:27 +01:00 · 3827c06fdf
commit 3827c06fdf
parent c8884c45bf
1 changed files with 15 additions and 2 deletions
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@ -65,6 +65,8 @@
  networking.interfaces."enp1s0.202".ipv4.addresses = [
    { address = "192.168.32.1"; prefixLength = 24; }
  ];
+  # Use Anycast Nameservers
+  networking.nameservers = [ "fd00:152:152::1" "10.152.0.1" ];

  networking.nat = {
    enableIPv6 = true;
@ -80,7 +82,7 @@
      AdvSendAdvert on;
      prefix 2a01:4f8:1c0c:8221::/64 {};
      route ::/0 {};
-      RDNSS 2a01:4f8:251:554::2 {};
+      RDNSS fd00:152:152::1 {};
      DNSSL net.clerie.de {};
    };
  '';
@ -123,7 +125,7 @@
    };
  };

-  networking.firewall.allowedUDPPorts = [ 60001 ];
+  networking.firewall.allowedUDPPorts = [ 53 60001 ];

  networking.firewall.extraCommands = ''
    iptables -A FORWARD -i enp1s0.202 -o ppp-ntvdsl -j ACCEPT
@ -328,5 +330,16 @@
    pubkey = "sro9DUSMtVr5xV2o3GTgg+0vmLj+bRc8fN+3pIr6+HY=";
  };

+  services.unbound = {
+    enable = true;
+    resolveLocalQueries = false;
+    settings = {
+      server = {
+        interface = [ "fd00:152:152::1" "10.152.0.1" ];
+        access-control = [ "::/0 allow" "0.0.0.0/0 allow" ];
+      };
+    };
+  };
+
  system.stateVersion = "21.03";
 }