
nixos-module/container/dnscache: tuning

legacy
Astro 1 year ago
parent
commit
266fed1c13
  1. 37
      nix/nixos-module/container/dnscache.nix

37
nix/nixos-module/container/dnscache.nix

@ -23,22 +23,17 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
control-enable: yes
control-use-cert: no
forward-zone:
name: "."
forward-tls-upstream: yes
# Quad9
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
# Cloudflare DNS
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
server:
num-threads: 4
verbosity: 1
prefetch: yes
serve-expired: yes
cache-min-ttl: 60
cache-max-ttl: 3600
# For DNS over TLS
tls-cert-bundle: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
# allow reverse lookup of rfc1918 space, which includes the DN42 address space
unblock-lan-zones: yes
insecure-lan-zones: yes
@ -62,6 +57,20 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
local-zone: "200.10.in-addr.arpa." nodefault
local-zone: "201.10.in-addr.arpa." nodefault
forward-zone:
name: "."
forward-tls-upstream: yes
# Quad9
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
# Cloudflare DNS
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Local networks
forward-zone:
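Review bot: `serve-expired: yes` in the `server:` block of the first hunk is set without any bound on how stale an answer may be. Depending on the defaults of the packaged Unbound version, expired records can be returned before a refresh is attempted and for an unlimited time, so a changed or withdrawn record reaches clients late. `cache-min-ttl: 60` additionally overrides shorter TTLs chosen by zone owners. I would add `serve-expired-ttl: 86400` and `serve-expired-client-timeout: 1800` (the RFC 8767 suggestions) next to it, with a comment such as `# serve stale answers only when upstream is slow, and for at most one day`. Which lines are additions is inferred from the commit title and hunk headers, since the rendered page has lost its `+`/`-` markers.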
