vidhar: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-31 15:13:52 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-12-31 15:13:52 +0100
commit: f4301a77c9410f931c61b851bc5c1076d25dae80 (patch)
tree: 7245a5387860fe748c25aaf0a3569d1a5564a852 /hosts/vidhar/dns.nix
parent: 80023979b3541bfb6881fe939dda0f9ed5a687b4 (diff)
download: nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar
nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.gz
nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.bz2
nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.xz
nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.zip
1 files changed, 47 insertions, 0 deletions
diff --git a/hosts/vidhar/dns.nix b/hosts/vidhar/dns.nix
new file mode 100644
index 00000000..49afc5fc
--- /dev/null
+++ b/hosts/vidhar/dns.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+{
+  config = {
+    services.unbound = {
+      enable = true;
+      resolveLocalQueries = false;
+      stateDir = "/var/lib/unbound";
+      localControlSocketPath = "/run/unbound/unbound.ctl";
+      settings = {
+        server = {
+          interface = ["127.0.0.1" "10.141.0.1" "::0"];
+          access-control = ["0.0.0.0/0 allow" "::/0 allow"];
+          root-hints = "${pkgs.dns-root-data}/root.hints";
+          num-threads = 12;
+          so-reuseport = true;
+          msg-cache-slabs = 16;
+          rrset-cache-slabs = 16;
+          infra-cache-slabs = 16;
+          key-cache-slabs = 16;
+          rrset-cache-size = "100m";
+          msg-cache-size = "50m";
+          outgoing-range = 8192;
+          num-queries-per-thread = 4096;
+          so-rcvbuf = "4m";
+          so-sndbuf = "4m";
+          serve-expired = true;
+          serve-expired-ttl = 86400;
+          serve-expired-reply-ttl = 0;
+          prefetch = true;
+          prefetch-key = true;
+          minimal-responses = false;
+          extended-statistics = true;
+          rrset-roundrobin = true;
+          use-caps-for-id = true;
+        };
+      };
+    };
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-31 15:13:52 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-12-31 15:13:52 +0100
commit	f4301a77c9410f931c61b851bc5c1076d25dae80 (patch)
tree	7245a5387860fe748c25aaf0a3569d1a5564a852 /hosts/vidhar/dns.nix
parent	80023979b3541bfb6881fe939dda0f9ed5a687b4 (diff)
download	nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.gz nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.bz2 nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.tar.xz nixos-f4301a77c9410f931c61b851bc5c1076d25dae80.zip

diff --git a/hosts/vidhar/dns.nix b/hosts/vidhar/dns.nix new file mode 100644 index 00000000..49afc5fc --- /dev/null +++ b/hosts/vidhar/dns.nix
@@ -0,0 +1,47 @@
	1	{ config, lib, pkgs, ... }:
	2	{
	3	config = {
	4	services.unbound = {
	5	enable = true;
	6	resolveLocalQueries = false;
	7	stateDir = "/var/lib/unbound";
	8	localControlSocketPath = "/run/unbound/unbound.ctl";
	9	settings = {
	10	server = {
	11	interface = ["127.0.0.1" "10.141.0.1" "::0"];
	12	access-control = ["0.0.0.0/0 allow" "::/0 allow"];
	13	root-hints = "${pkgs.dns-root-data}/root.hints";
	14
	15	num-threads = 12;
	16	so-reuseport = true;
	17	msg-cache-slabs = 16;
	18	rrset-cache-slabs = 16;
	19	infra-cache-slabs = 16;
	20	key-cache-slabs = 16;
	21
	22	rrset-cache-size = "100m";
	23	msg-cache-size = "50m";
	24	outgoing-range = 8192;
	25	num-queries-per-thread = 4096;
	26
	27	so-rcvbuf = "4m";
	28	so-sndbuf = "4m";
	29
	30	serve-expired = true;
	31	serve-expired-ttl = 86400;
	32	serve-expired-reply-ttl = 0;
	33
	34	prefetch = true;
	35	prefetch-key = true;
	36
	37	minimal-responses = false;
	38
	39	extended-statistics = true;
	40
	41	rrset-roundrobin = true;
	42	use-caps-for-id = true;
	43	};
	44	};
	45	};
	46	};
	47	}