{ config, pkgs, lib, ...}: { networking.firewall.interfaces.ens18.allowedUDPPorts = [ 53 ]; services.coredns = { enable = true; config = '' .:53 { errors log cache prometheus 10.42.10.8:9253 forward . tls://2620:fe::fe tls://9.9.9.9 tls://2620:fe::9 tls://149.112.112.112 { tls_servername dns.quad9.net health_check 5s } } bula22.de { errors log prometheus 10.42.10.8:9353 file /etc/zones/db.bula22.de file /etc/zones/db.42.10.in-addr.arpa. file /etc/zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa. file /etc/zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa. } ''; }; }