summaryrefslogtreecommitdiff
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'hosts')
-rw-r--r--hosts/surtr/default.nix11
-rw-r--r--hosts/surtr/dns/default.nix2
2 files changed, 8 insertions, 5 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index 705f69b3..223e1f10 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -65,6 +65,12 @@ with lib;
65 enable = true; 65 enable = true;
66 rulesetFile = ./ruleset.nft; 66 rulesetFile = ./ruleset.nft;
67 }; 67 };
68 resolvconf = {
69 enable = true;
70 extraConfig = ''
71 name_servers='127.0.0.53'
72 '';
73 };
68 }; 74 };
69 75
70 systemd.network = { 76 systemd.network = {
@@ -78,10 +84,7 @@ with lib;
78 }; 84 };
79 }; 85 };
80 86
81 services.resolved = { 87 services.resolved.enable = false;
82 llmnr = "false";
83 dnssec = "false"; # unbound does dnssec validation for us
84 };
85 88
86 services.ndppd = { 89 services.ndppd = {
87 enable = true; 90 enable = true;
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 65f46b35..53df798e 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -212,7 +212,7 @@ in {
212 212
213 settings = { 213 settings = {
214 server = { 214 server = {
215 interface = ["lo@5353"]; 215 interface = ["lo@5353" "127.0.0.53"];
216 prefer-ip6 = true; 216 prefer-ip6 = true;
217 access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; 217 access-control = ["127.0.0.0/8 allow" "::1/128 allow"];
218 root-hints = "${pkgs.dns-root-data}/root.hints"; 218 root-hints = "${pkgs.dns-root-data}/root.hints";