# NixOS module: runs an Unbound resolver bound to the anycast DNS addresses
# and points this host's own resolver configuration at the same addresses.
{ ... }:

let
  # The anycast resolver pair. The same two literals are used for the loopback
  # addresses, the Unbound listeners and the host's nameserver list.
  anycastV6 = "fd00:152:152::1";
  anycastV4 = "10.152.0.1";
  resolverAddrs = [ anycastV6 anycastV4 ];
in
{
  networking = {
    # Loopbacks for DNS resolver IPs (host routes: /128 and /32).
    interfaces.lo = {
      ipv6.addresses = [
        { address = anycastV6; prefixLength = 128; } # Anycast
      ];
      ipv4.addresses = [
        { address = anycastV4; prefixLength = 32; } # Anycast
      ];
    };

    # These two options open port 53 in the NixOS firewall on every interface,
    # not only the ones that face DNS clients.
    # NOTE(review): if clients arrive on known interfaces only, the
    # per-interface form (networking.firewall.interfaces.<name>.allowed*Ports)
    # would narrow this; confirm against the host's interface layout.
    firewall = {
      allowedUDPPorts = [ 53 ];
      allowedTCPPorts = [ 53 ];
    };

    # Use Anycast Nameservers
    nameservers = resolverAddrs;
  };

  services.unbound = {
    enable = true;

    # Keeps the Unbound module from adding 127.0.0.1 to resolv.conf; local
    # lookups go to the anycast addresses set in networking.nameservers.
    resolveLocalQueries = false;

    settings.server = {
      # Listen only on the anycast addresses assigned to lo above.
      interface = resolverAddrs;

      # Recursion is allowed for every IPv6 and IPv4 source. With port 53
      # open on all interfaces, the only remaining limit on who can use this
      # resolver is whether they can route to the ULA / RFC 1918 listeners.
      # NOTE(review): presumably those addresses are reachable only from
      # inside the network; confirm. If the client prefixes are known,
      # listing them here instead of ::/0 and 0.0.0.0/0 keeps the resolver
      # from answering arbitrary sources should reachability ever widen.
      access-control = [ "::/0 allow" "0.0.0.0/0 allow" ];

      # Prefer IPv6 transport when querying upstream nameservers.
      prefer-ip6 = true;

      # Refresh cache entries that are about to expire.
      prefetch = true;

      # Answer from expired cache entries, so clients can receive stale
      # records after an upstream change or withdrawal.
      # NOTE(review): serve-expired-ttl is not set in this file; decide
      # whether a bound on staleness is wanted.
      serve-expired = true;
      serve-expired-ttl-reset = true;
    };
  };
}