55 lines
1.6 KiB
Nix
55 lines
1.6 KiB
Nix
{
|
|
enable = true;
|
|
localControlSocketPath = "/run/unbound/unbound.ctl";
|
|
settings = {
|
|
server = {
|
|
cache-max-ttl = 14400;
|
|
cache-min-ttl = 1200;
|
|
aggressive-nsec = true;
|
|
prefetch = false;
|
|
rrset-roundrobin = true;
|
|
use-caps-for-id = true;
|
|
do-ip6 = false;
|
|
hide-identity = true;
|
|
hide-version = true;
|
|
do-not-query-localhost = false;
|
|
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
|
|
};
|
|
|
|
# fritz.box stub zone
|
|
stub-zone = {
|
|
name = "fritz.box";
|
|
stub-addr = "192.168.13.1";
|
|
};
|
|
|
|
# DNS over DLS forwarding
|
|
forward-zone = {
|
|
name = ".";
|
|
forward-tls-upstream = true;
|
|
|
|
forward-addr = [
|
|
"5.1.66.255@853#dot.ffmuc.net"
|
|
"185.150.99.255@853#dot.ffmuc.net"
|
|
"145.100.185.18@853#dnsovertls3.sinodun.com"
|
|
"89.233.43.71@853#unicast.censurfridns.dk"
|
|
"94.130.110.185@853#ns1.dnsprivacy.at"
|
|
|
|
"2001:678:e68:f000::@853#dot.ffmuc.net"
|
|
"2001:678:ed0:f000::@853#dot.ffmuc.net"
|
|
"2001:610:1:40ba:145:100:185:18@853#dnsovertls3.sinodun.com"
|
|
"2a01:3a0:53:53::0@853#unicast.censurfridns.dk"
|
|
"2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at"
|
|
"2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at"
|
|
|
|
"2001:610:1:40ba:145:100:185:15@853#dnsovertls.sinodun.com"
|
|
"2001:610:1:40ba:145:100:185:16@853#dnsovertls1.sinodun.com"
|
|
"2a04:b900:0:100::38@853#getdnsapi.net"
|
|
|
|
"145.100.185.15@853#dnsovertls.sinodun.com"
|
|
"145.100.185.16@853#dnsovertls1.sinodun.com"
|
|
"185.49.141.37@853#getdnsapi.net"
|
|
];
|
|
};
|
|
};
|
|
}
|