simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

shinobu/router: Use dns over https

Browse source 
For some reason, this makes DNS more reliable.
This commit is contained in:
Simon Bruder 2023-09-20 22:11:24 +02:00
parent f1c70dce99
commit b10b83c207
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
machines/shinobu/services/router.nix
View file

@ -207,7 +207,6 @@ in
wg-upstream = { wg-upstream = {
name = "wg-upstream"; name = "wg-upstream";
address = [ "10.66.208.88/32" "fc00:bbbb:bbbb:bb01::3:d057/128" ]; address = [ "10.66.208.88/32" "fc00:bbbb:bbbb:bb01::3:d057/128" ];
dns = [ "10.64.0.1" ];
routingPolicyRules = [ routingPolicyRules = [
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
@ -313,9 +312,8 @@ in
# but from lan instead. # but from lan instead.
# So it has to use static configuration. # So it has to use static configuration.
host-record = "switchviech,switchviech.${domain},10.80.1.19"; host-record = "switchviech,switchviech.${domain},10.80.1.19";
server = config.systemd.network.networks.wg-upstream.dns ++ [ server = [
#"9.9.9.9" # dns.quad9.net "127.0.0.1#5053"
#"2620:fe::fe"
]; ];
}; };
}; };
@ -387,4 +385,13 @@ in
UMask = "0077"; UMask = "0077";
}; };
}; };
services.https-dns-proxy = {
enable = true;
provider = {
kind = "custom";
ips = [ "9.9.9.9" "149.112.112.112" ];
url = "https://dns.quad9.net/dns-query";
};
};
} }