39 lines
735 B
Nix
39 lines
735 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
services.unbound = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
# Listen only locally
|
|
interface = ["127.0.0.1"];
|
|
port = 5335;
|
|
access-control = ["127.0.0.1 allow"];
|
|
|
|
# Recommended hardening
|
|
harden-glue = true;
|
|
harden-dnssec-stripped = true;
|
|
use-caps-for-id = false;
|
|
|
|
# Performance
|
|
prefetch = true;
|
|
edns-buffer-size = 1232;
|
|
|
|
# Privacy
|
|
hide-identity = true;
|
|
hide-version = true;
|
|
};
|
|
|
|
forward-zone = [
|
|
{
|
|
name = ".";
|
|
forward-addr = ["dns.mycloudhaus.xyz@853"];
|
|
forward-tls-upstream = true; # Enable DoT
|
|
}
|
|
];
|
|
};
|
|
};
|
|
}
|