os/hosts/dumpyourvms/unbound.nix

55 lines
1.6 KiB
Nix

{
enable = true;
localControlSocketPath = "/run/unbound/unbound.ctl";
settings = {
server = {
cache-max-ttl = 14400;
cache-min-ttl = 1200;
aggressive-nsec = true;
prefetch = false;
rrset-roundrobin = true;
use-caps-for-id = true;
do-ip6 = false;
hide-identity = true;
hide-version = true;
do-not-query-localhost = false;
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
};
# fritz.box stub zone
stub-zone = {
name = "fritz.box";
stub-addr = "192.168.13.1";
};
# DNS over DLS forwarding
forward-zone = {
name = ".";
forward-tls-upstream = true;
forward-addr = [
"5.1.66.255@853#dot.ffmuc.net"
"185.150.99.255@853#dot.ffmuc.net"
"145.100.185.18@853#dnsovertls3.sinodun.com"
"89.233.43.71@853#unicast.censurfridns.dk"
"94.130.110.185@853#ns1.dnsprivacy.at"
"2001:678:e68:f000::@853#dot.ffmuc.net"
"2001:678:ed0:f000::@853#dot.ffmuc.net"
"2001:610:1:40ba:145:100:185:18@853#dnsovertls3.sinodun.com"
"2a01:3a0:53:53::0@853#unicast.censurfridns.dk"
"2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at"
"2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at"
"2001:610:1:40ba:145:100:185:15@853#dnsovertls.sinodun.com"
"2001:610:1:40ba:145:100:185:16@853#dnsovertls1.sinodun.com"
"2a04:b900:0:100::38@853#getdnsapi.net"
"145.100.185.15@853#dnsovertls.sinodun.com"
"145.100.185.16@853#dnsovertls1.sinodun.com"
"185.49.141.37@853#getdnsapi.net"
];
};
};
}