From b45eef7cb291d4badffc22beb6768b4f0fa0eda0 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 20 Mar 2022 22:42:53 +0100
Subject: vidhar: ...

---
 hosts/vidhar/dns/default.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'hosts')

diff --git a/hosts/vidhar/dns/default.nix b/hosts/vidhar/dns/default.nix
index 1e16c885..5f42af78 100644
--- a/hosts/vidhar/dns/default.nix
+++ b/hosts/vidhar/dns/default.nix
@@ -17,12 +17,14 @@ in {
       resolveLocalQueries = false;
       stateDir = "/var/lib/unbound";
       localControlSocketPath = "/run/unbound/unbound.ctl";
+      enableRootTrustAnchor = false;
       settings = {
         server = {
           interface = ["lo" "lan"];
           prefer-ip6 = true;
           access-control = ["0.0.0.0/0 allow" "::/0 allow"];
           root-hints = "${pkgs.dns-root-data}/root.hints";
+          trust-anchor-file = "${pkgs.dns-root-data}/root.key";
 
           num-threads = 12;
           so-reuseport = true;
-- 
cgit v1.2.3