nixos-module/container/dnscache: tuning
This commit is contained in:
parent
e79bb4e297
commit
266fed1c13
|
@ -23,22 +23,17 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
|
|||
control-enable: yes
|
||||
control-use-cert: no
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
# Quad9
|
||||
forward-addr: 2620:fe::fe@853#dns.quad9.net
|
||||
forward-addr: 9.9.9.9@853#dns.quad9.net
|
||||
forward-addr: 2620:fe::9@853#dns.quad9.net
|
||||
forward-addr: 149.112.112.112@853#dns.quad9.net
|
||||
# Cloudflare DNS
|
||||
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
|
||||
server:
|
||||
num-threads: 4
|
||||
verbosity: 1
|
||||
prefetch: yes
|
||||
serve-expired: yes
|
||||
cache-min-ttl: 60
|
||||
cache-max-ttl: 3600
|
||||
|
||||
# For DNS over TLS
|
||||
tls-cert-bundle: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
|
||||
# allow reverse lookup of rfc1918 space, which includes the DN42 address space
|
||||
unblock-lan-zones: yes
|
||||
insecure-lan-zones: yes
|
||||
|
@ -62,6 +57,20 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
|
|||
local-zone: "200.10.in-addr.arpa." nodefault
|
||||
local-zone: "201.10.in-addr.arpa." nodefault
|
||||
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
# Quad9
|
||||
forward-addr: 2620:fe::fe@853#dns.quad9.net
|
||||
forward-addr: 9.9.9.9@853#dns.quad9.net
|
||||
forward-addr: 2620:fe::9@853#dns.quad9.net
|
||||
forward-addr: 149.112.112.112@853#dns.quad9.net
|
||||
# Cloudflare DNS
|
||||
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
|
||||
# Local networks
|
||||
|
||||
forward-zone:
|
||||
|
|
Loading…
Reference in New Issue