diff options
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/surtr/default.nix | 11 | ||||
-rw-r--r-- | hosts/surtr/dns/default.nix | 2 |
2 files changed, 8 insertions, 5 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 705f69b3..223e1f10 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix | |||
@@ -65,6 +65,12 @@ with lib; | |||
65 | enable = true; | 65 | enable = true; |
66 | rulesetFile = ./ruleset.nft; | 66 | rulesetFile = ./ruleset.nft; |
67 | }; | 67 | }; |
68 | resolvconf = { | ||
69 | enable = true; | ||
70 | extraConfig = '' | ||
71 | name_servers='127.0.0.53' | ||
72 | ''; | ||
73 | }; | ||
68 | }; | 74 | }; |
69 | 75 | ||
70 | systemd.network = { | 76 | systemd.network = { |
@@ -78,10 +84,7 @@ with lib; | |||
78 | }; | 84 | }; |
79 | }; | 85 | }; |
80 | 86 | ||
81 | services.resolved = { | 87 | services.resolved.enable = false; |
82 | llmnr = "false"; | ||
83 | dnssec = "false"; # unbound does dnssec validation for us | ||
84 | }; | ||
85 | 88 | ||
86 | services.ndppd = { | 89 | services.ndppd = { |
87 | enable = true; | 90 | enable = true; |
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 65f46b35..53df798e 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -212,7 +212,7 @@ in { | |||
212 | 212 | ||
213 | settings = { | 213 | settings = { |
214 | server = { | 214 | server = { |
215 | interface = ["lo@5353"]; | 215 | interface = ["lo@5353" "127.0.0.53"]; |
216 | prefer-ip6 = true; | 216 | prefer-ip6 = true; |
217 | access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; | 217 | access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; |
218 | root-hints = "${pkgs.dns-root-data}/root.hints"; | 218 | root-hints = "${pkgs.dns-root-data}/root.hints"; |