{ config, pkgs, lib, ...}: { networking.firewall.interfaces.ens19.allowedUDPPorts = [ 53 ]; services.coredns = { enable = true; config = '' .:53 { errors log cache prometheus 10.42.10.8:9253 forward . tls://2620:fe::fe tls://9.9.9.9 tls://2620:fe::9 tls://149.112.112.112 { tls_servername dns.quad9.net health_check 5s } } ''; }; }