From 266fed1c132ab21f3c1de2b744f13aec71072590 Mon Sep 17 00:00:00 2001 From: Astro Date: Thu, 15 Apr 2021 00:27:23 +0200 Subject: [PATCH] nixos-module/container/dnscache: tuning --- nix/nixos-module/container/dnscache.nix | 37 +++++++++++++++---------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/nix/nixos-module/container/dnscache.nix b/nix/nixos-module/container/dnscache.nix index 6a9dfaa..5dcc932 100644 --- a/nix/nixos-module/container/dnscache.nix +++ b/nix/nixos-module/container/dnscache.nix @@ -23,22 +23,17 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable { control-enable: yes control-use-cert: no - forward-zone: - name: "." - forward-tls-upstream: yes - # Quad9 - forward-addr: 2620:fe::fe@853#dns.quad9.net - forward-addr: 9.9.9.9@853#dns.quad9.net - forward-addr: 2620:fe::9@853#dns.quad9.net - forward-addr: 149.112.112.112@853#dns.quad9.net - # Cloudflare DNS - forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com - forward-addr: 1.1.1.1@853#cloudflare-dns.com - forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com - forward-addr: 1.0.0.1@853#cloudflare-dns.com - server: + num-threads: 4 + verbosity: 1 + prefetch: yes + serve-expired: yes + cache-min-ttl: 60 + cache-max-ttl: 3600 + + # For DNS over TLS tls-cert-bundle: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + # allow reverse lookup of rfc1918 space, which includes the DN42 address space unblock-lan-zones: yes insecure-lan-zones: yes 
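Review bot: The new `serve-expired: yes` under `server:` comes without a `serve-expired-ttl`, so once a record's TTL runs out it can keep being answered from cache for as long as it stays there (Unbound's default of 0 means no limit), including after the upstream owner has changed or withdrawn it; pairing it with a bound such as `serve-expired-ttl: 86400` (sample value, pick what the site tolerates) keeps the availability benefit while limiting how stale an answer can get, assuming the packaged Unbound supports the option. `cache-min-ttl: 60` is the same kind of trade in the other direction, since it stretches any upstream TTL shorter than a minute and so delays failover or revocation that relies on short TTLs; a one-line comment stating that this is intentional would help the next reader, e.g. `# floor TTLs at 60s: fewer upstream queries, at the cost of honouring sub-minute TTLs`. The surrounding Nix string and `lib.mkIf` block start and end outside the hunk. The second hunk is the same `forward-zone` block relocated below the local zones and raises nothing on its own.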
@@ -62,6 +57,20 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable { local-zone: "200.10.in-addr.arpa." nodefault local-zone: "201.10.in-addr.arpa." nodefault + forward-zone: + name: "." + forward-tls-upstream: yes + # Quad9 + forward-addr: 2620:fe::fe@853#dns.quad9.net + forward-addr: 9.9.9.9@853#dns.quad9.net + forward-addr: 2620:fe::9@853#dns.quad9.net + forward-addr: 149.112.112.112@853#dns.quad9.net + # Cloudflare DNS + forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com + forward-addr: 1.1.1.1@853#cloudflare-dns.com + forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com + forward-addr: 1.0.0.1@853#cloudflare-dns.com + # Local networks forward-zone: