{ ... }:

{

  # Loopbacks for DNS resolver IPs
  networking.interfaces.lo.ipv6.addresses = [
    { address = "fd00:152:152::1"; prefixLength = 128; } # Anycast
  ];
  networking.interfaces.lo.ipv4.addresses = [
    { address = "10.152.0.1"; prefixLength = 32; } # Anycast
  ];

  networking.firewall.allowedUDPPorts = [ 53 ];
  networking.firewall.allowedTCPPorts = [ 53 ];

  services.unbound = {
    enable = true;
    resolveLocalQueries = false;
    settings = {
      server = {
        interface = [ "fd00:152:152::1" "10.152.0.1" ];
        access-control = [ "::/0 allow" "0.0.0.0/0 allow" ];
        prefer-ip6 = true;
        prefetch = true;
        serve-expired = true;
        serve-expired-ttl-reset = true;
      };
    };
  };

  # Use Anycast Nameservers
  networking.nameservers = [ "fd00:152:152::1" "10.152.0.1" ];

}