27 lines
499 B
Nix
27 lines
499 B
Nix
{lib, ...}: {
|
|
networking.nameservers = [
|
|
# https://dnsforge.de/
|
|
"176.9.93.198"
|
|
"176.9.1.117"
|
|
|
|
# TODO: enable IPv6
|
|
# "2a01:4f8:151:34aa::198"
|
|
# "2a01:4f8:141:316d::117"
|
|
];
|
|
|
|
services.resolved = {
|
|
enable = true;
|
|
dnssec = "true";
|
|
domains = ["~."];
|
|
|
|
# TODO: figure out why "true" doesn't work
|
|
dnsovertls = "opportunistic";
|
|
|
|
fallbackDns = lib.mkForce [];
|
|
|
|
# TODO: IPv6
|
|
# extraConfig = ''
|
|
# DNSStubListenerExtra=[::1]:53
|
|
# '';
|
|
};
|
|
}
|