simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

fuuko: Use plain DNS again

Browse source 
DNS over HTTPS often is unreliable in practice (did not empirically test
this).
This commit is contained in:
Simon Bruder 2021-07-25 23:07:41 +02:00
parent e5d82f7087
commit a1facf530f
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
1 changed files with 1 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
machines/fuuko/services/dnsmasq.nix
View file

@ -19,8 +19,7 @@
dhcp-option=option:router,192.168.100.1 dhcp-option=option:router,192.168.100.1
''; '';
servers = [ servers = [
"127.0.0.1#5353" "194.150.168.168" # dns.as250.net
"::1#5353"
]; ];
}; };
@ -36,20 +35,6 @@
leasesPath = "/var/lib/dnsmasq/dnsmasq.leases"; leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
}; };
systemd.services.https-dns-proxy = {
after = [ "network.target" ];
before = [ "nss-lookup.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.https-dns-proxy}/bin/https_dns_proxy -p 5353 -r https://dns.digitale-gesellschaft.ch/dns-query";
Restart = "on-failure";
TimeoutStopSec = "10";
DynamicUser = true;
};
};
networking.firewall.allowedUDPPorts = [ 53 67 ]; networking.firewall.allowedUDPPorts = [ 53 67 ];
networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ];
} }