aboutsummaryrefslogtreecommitdiff
path: root/modules/services/dns/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/services/dns/default.nix')
-rw-r--r--modules/services/dns/default.nix26
1 files changed, 26 insertions, 0 deletions
diff --git a/modules/services/dns/default.nix b/modules/services/dns/default.nix
new file mode 100644
index 0000000..e229da3
--- /dev/null
+++ b/modules/services/dns/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+{
+ services.unbound = {
+ enable = true;
+ package = pkgs.unbound-with-systemd;
+ enableRootTrustAnchor = true;
+ resolveLocalQueries = true;
+ settings.server = {
+ interface = [ "0.0.0.0" ];
+ port = 53;
+ access-control = [ "10.44.0.0/16 allow" ];
+ harden-glue = true;
+ harden-dnssec-stripped = true;
+ use-caps-for-id = false;
+ edns-buffer-size = 1232;
+ prefetch = true;
+ hide-identity = true;
+ hide-version = true;
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-18 10:59:59 +0000