zentralwerk/network
zentralwerk
/
network
12
4
Fork 2
Code Issues 4 Pull Requests 1 Releases Wiki Activity

nixos-module/container/dnscache: tuning

This commit is contained in:
Astro 2021-04-15 00:27:23 +02:00
parent e79bb4e297
commit 266fed1c13
1 changed files with 23 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
nix/nixos-module/container/dnscache.nix
View File

@ -23,22 +23,17 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
control-enable: yes
control-use-cert: no
forward-zone:
name: "."
forward-tls-upstream: yes
# Quad9
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
# Cloudflare DNS
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
server:
num-threads: 4
verbosity: 1
prefetch: yes
serve-expired: yes
cache-min-ttl: 60
cache-max-ttl: 3600
# For DNS over TLS
tls-cert-bundle: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
# allow reverse lookup of rfc1918 space, which includes the DN42 address space
unblock-lan-zones: yes
insecure-lan-zones: yes
@ -62,6 +57,20 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
local-zone: "200.10.in-addr.arpa." nodefault
local-zone: "201.10.in-addr.arpa." nodefault
forward-zone:
name: "."
forward-tls-upstream: yes
# Quad9
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
# Cloudflare DNS
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Local networks
forward-zone: