{ ... }: { # Loopbacks for DNS resolver IPs networking.interfaces.lo.ipv6.addresses = [ { address = "fd00:152:152::1"; prefixLength = 128; } # Anycast ]; networking.interfaces.lo.ipv4.addresses = [ { address = "10.152.0.1"; prefixLength = 32; } # Anycast ]; networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ]; services.unbound = { enable = true; resolveLocalQueries = false; settings = { server = { interface = [ "fd00:152:152::1" "10.152.0.1" ]; access-control = [ "::/0 allow" "0.0.0.0/0 allow" ]; prefer-ip6 = true; prefetch = true; serve-expired = true; serve-expired-ttl-reset = true; }; }; }; # Use Anycast Nameservers networking.nameservers = [ "fd00:152:152::1" "10.152.0.1" ]; }