1
0
Files
configuration
flake
hosts
_iso
aluminium
astatine
backup-4
beryllium
carbon
configuration.nix
dns.nix
hardware-configuration.nix
mdns.nix
net-dsl.nix
net-gastnetz.nix
net-heimnetz.nix
net-iot.nix
net-lte.nix
net-mgmt.nix
net-printer.nix
net-voip.nix
ntp.nix
ppp.nix
scan-to-gpg.nix
secrets.json
ssh.pub
wg-clerie.nix
clerie-backup
dn42-il-gw1
dn42-il-gw5
dn42-il-gw6
dn42-ildix-clerie
dn42-ildix-service
gatekeeper
hydra-1
hydra-2
krypton
mail-2
monitoring-3
nonat
osmium
palladium
porter
storage-2
tungsten
web-2
zinc
lib
modules
pkgs
profiles
users
.gitignore
README.md
flake.lock
flake.nix
nixfiles/hosts/carbon/dns.nix

35 lines
840 B
Nix

{ ... }:
{
# Loopbacks for DNS resolver IPs
networking.interfaces.lo.ipv6.addresses = [
{ address = "fd00:152:152::1"; prefixLength = 128; } # Anycast
];
networking.interfaces.lo.ipv4.addresses = [
{ address = "10.152.0.1"; prefixLength = 32; } # Anycast
];
networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ];
services.unbound = {
enable = true;
resolveLocalQueries = false;
settings = {
server = {
interface = [ "fd00:152:152::1" "10.152.0.1" ];
access-control = [ "::/0 allow" "0.0.0.0/0 allow" ];
prefer-ip6 = true;
prefetch = true;
serve-expired = true;
serve-expired-ttl-reset = true;
};
};
};
# Use Anycast Nameservers
networking.nameservers = [ "fd00:152:152::1" "10.152.0.1" ];
}