From 5c7bcc4640753aa691e2272779deece15bcfca94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sun, 28 Apr 2024 23:34:29 +0200
Subject: [PATCH] default: use DoT

---
 config/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/default.nix b/config/default.nix
index 1485f197..b589be19 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -126,8 +126,8 @@
     nameservers = with hostRegistry.dnscache; [
       ip4
       ip6
-      # "9.9.9.9" # often fails to resolve nix-cache.hq.c3d2.de over tcp
-      "1.1.1.1"
+      # "9.9.9.9#dns.quad9.net" # often fails to resolve nix-cache.hq.c3d2.de over tcp
+      "1.1.1.1#cloudflare-dns.com"
     ];
     useHostResolvConf = lib.mkIf (!config.services.resolved.enable) true;
   };
@@ -295,6 +295,8 @@
     };
 
     redis.vmOverCommit = true;
+
+    resolved.dnsovertls = "true";
   };
 
   security.acme = {