nixos-config/machines/fuuko/services/dnsmasq.nix

{ config, lib, ... }:

{
  services.dnsmasq = {
    enable = true;

    extraConfig = ''
      bogus-priv # do not forward revese lookups of internal addresses
      domain-needed # do not forward names without domain
      local-service # only respond to queries from local network
      no-hosts # do not resolve hosts from /etc/hosts
      no-resolv # only use explicitly configured resolvers

      server=/fritz.box/192.168.100.1

      domain=home.sbruder.de

      dhcp-range=192.168.100.20,192.168.100.150,12h
      dhcp-option=option:router,192.168.100.1
    '';
    servers = [
      "127.0.0.1#5353"
      "::1#5353"
    ];
  };

  services.stubby = {
    enable = true;
    listenAddresses = [
      "127.0.0.1@5353"
      "0::1@5353"
    ];
    upstreamServers = (lib.concatMapStrings
      (server: with server; "  - { address_data: ${addr}, tls_auth_name: \"${authName}\" }\n")
      (lib.flatten
        (lib.mapAttrsToList
          (authName: addrs: map (addr: { inherit addr authName; }) addrs)
          {
            "dns.digitale-gesellschaft.ch" = [
              "185.95.218.42"
              "185.95.218.43"
              "2a05:fc84::42"
              "2a05:fc84::43"
            ];
            "dns3.digitalcourage.de" = [
              "5.9.164.112"
            ];
            "dnsovertls.sinodun.com" = [
              "145.100.185.15"
              "2001:610:1:40ba:145:100:185:15"
            ];
            "dnsovertls1.sinodun.com" = [
              "145.100.185.16"
              "2001:610:1:40ba:145:100:185:16"
            ];
          })));
  };

  networking.firewall.allowedUDPPorts = [ 53 67 ];
  networking.firewall.allowedTCPPorts = [ 53 ];
}
fuuko: Add dnsmasq 2021-03-06 17:11:36 +01:00			`{ config, lib, ... }:`

			`{`
			`services.dnsmasq = {`
			`enable = true;`

			`extraConfig = ''`
			`bogus-priv # do not forward revese lookups of internal addresses`
			`domain-needed # do not forward names without domain`
			`local-service # only respond to queries from local network`
			`no-hosts # do not resolve hosts from /etc/hosts`
			`no-resolv # only use explicitly configured resolvers`

			`server=/fritz.box/192.168.100.1`

			`domain=home.sbruder.de`

			`dhcp-range=192.168.100.20,192.168.100.150,12h`
			`dhcp-option=option:router,192.168.100.1`
			`'';`
			`servers = [`
fuuko/dnsmasq: Use DNS over TLS via stubby 2021-04-03 13:11:09 +02:00			`"127.0.0.1#5353"`
			`"::1#5353"`
			`];`
			`};`
fuuko: Add dnsmasq 2021-03-06 17:11:36 +01:00
fuuko/dnsmasq: Use DNS over TLS via stubby 2021-04-03 13:11:09 +02:00			`services.stubby = {`
			`enable = true;`
			`listenAddresses = [`
			`"127.0.0.1@5353"`
			`"0::1@5353"`
fuuko: Add dnsmasq 2021-03-06 17:11:36 +01:00			`];`
fuuko/dnsmasq: Use DNS over TLS via stubby 2021-04-03 13:11:09 +02:00			`upstreamServers = (lib.concatMapStrings`
			`(server: with server; " - { address_data: ${addr}, tls_auth_name: \"${authName}\" }\n")`
			`(lib.flatten`
			`(lib.mapAttrsToList`
			`(authName: addrs: map (addr: { inherit addr authName; }) addrs)`
			`{`
			`"dns.digitale-gesellschaft.ch" = [`
			`"185.95.218.42"`
			`"185.95.218.43"`
			`"2a05:fc84::42"`
			`"2a05:fc84::43"`
			`];`
			`"dns3.digitalcourage.de" = [`
			`"5.9.164.112"`
			`];`
			`"dnsovertls.sinodun.com" = [`
			`"145.100.185.15"`
			`"2001:610:1:40ba:145:100:185:15"`
			`];`
			`"dnsovertls1.sinodun.com" = [`
			`"145.100.185.16"`
			`"2001:610:1:40ba:145:100:185:16"`
			`];`
			`})));`
fuuko: Add dnsmasq 2021-03-06 17:11:36 +01:00			`};`

			`networking.firewall.allowedUDPPorts = [ 53 67 ];`
fuuko/dnsmasq: Allow DNS queries over TCP Sharepoint manages to return enormous responses when querying for an AAAA record. $ dig sitename.sharepoint.com AAAA ;; Truncated, retrying in TCP mode. 2021-03-10 09:13:37 +01:00			`networking.firewall.allowedTCPPorts = [ 53 ];`
fuuko: Add dnsmasq 2021-03-06 17:11:36 +01:00			`}`