Use a local caching rdns

2022-01-15 15:03:51 +01:00 · 2022-01-15 15:03:51 +01:00 · 71881a6903
commit 71881a6903
parent 97265da7c0
2 changed files with 17 additions and 0 deletions
--- a/config/nixos-8gb-fsn1-1.nix
+++ b/config/nixos-8gb-fsn1-1.nix
@ -123,4 +123,9 @@
  };

  networking.wireguard.interfaces."wg0".ips = [ "fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49/64" ];
+  networking.nameservers = [
+    "fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49"
+  ];
+  networking.resolvconf.enable = false;
+  networking.dhcpcd.extraConfig = "nohook resolv.conf";
 }
--- a/config/services/named.nix
+++ b/config/services/named.nix
@ -42,6 +42,18 @@ in
        ${toString listenEntries}
      };
    '';
+    extraOptions = ''
+      allow-recursion {
+        127.0.0.1;
+        ::1;
+        fc00::/7;
+      };
+      recursion yes;
+      response-policy {
+        zone "rpz.int.chir.rs";
+      };
+      dnssec-validation yes;
+    '';
  };
  networking.firewall.allowedTCPPorts = [ 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];