From bf2c03bda8e840ea0aaa0563630ac6acb777d468 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <pngwjpgh@users.noreply.github.com>
Date: Thu, 10 Nov 2016 21:29:38 +0100
Subject: bisect networks, unbound locally, nsd for remote

---
 ymir.nix | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ymir.nix b/ymir.nix
index e3fb7e99..1ee1201c 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -157,6 +157,10 @@ in rec {
       ipv6Address = "2a03:4000:6:d004::";
       ipv6PrefixLength = 64;
     };
+    dnsExtensionMechanism = true;
+    nameservers = [ "localhost" "10.141.1.1" "8.8.8.8" "8.8.4.4" ];
+    domain = [ "niflheim.yggdrasil" ];
+    search = [ "niflheim.yggdrasil" "yggdrasil" "asgard.yggdrasil" "yourvserver.net" ];
   };
 
   users.extraUsers.root = let
@@ -247,7 +251,7 @@ in rec {
     inherit (pkgs) stdenv nettools openresolv;
     name = "ymir";
     connect = false;
-    useDNS = true;
+    useDNS = false;
     ipConf = {
       ip4 = [ { address = "10.141.5.1"; prefixLength = 16; } ];
     };
@@ -646,7 +650,7 @@ in rec {
   services.nsd = {
     enable = true;
     verbosity = 3;
-    interfaces = [ "127.0.0.1" "::1" "10.141.5.1" "10.142.0.3" "188.68.51.254" "2a03:4000:6:d004::" ];
+    interfaces = [ "10.142.0.3" "188.68.51.254" "2a03:4000:6:d004::" ];
     ipTransparent = true;
     zones = {
       "inwx" = {
@@ -662,7 +666,7 @@ in rec {
   services.unbound = {
     enable = true;
     allowedAccess = ["127.0.0.0/8" "::ffff:127.0.0.0/104" "::1/128" "10.141.0.0/16"];
-    interfaces = ["127.0.0.1@5353" "::1@5353" "10.141.5.1@5353"];
+    interfaces = ["127.0.0.1" "::1" "10.141.5.1"];
     extraConfig = ''
       verbosity: 1
     
-- 
cgit v1.2.3