From f805ce37981a699981ae25dfd1943dc3db33b90e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 13 Nov 2024 08:41:39 +0100 Subject: ... --- hosts/surtr/default.nix | 11 +++++++---- hosts/surtr/dns/default.nix | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'hosts') diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 705f69b3..223e1f10 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix @@ -65,6 +65,12 @@ with lib; enable = true; rulesetFile = ./ruleset.nft; }; + resolvconf = { + enable = true; + extraConfig = '' + name_servers='127.0.0.53' + ''; + }; }; systemd.network = { @@ -78,10 +84,7 @@ with lib; }; }; - services.resolved = { - llmnr = "false"; - dnssec = "false"; # unbound does dnssec validation for us - }; + services.resolved.enable = false; services.ndppd = { enable = true; diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 65f46b35..53df798e 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix @@ -212,7 +212,7 @@ in { settings = { server = { - interface = ["lo@5353"]; + interface = ["lo@5353" "127.0.0.53"]; prefer-ip6 = true; access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; root-hints = "${pkgs.dns-root-data}/root.hints"; -- cgit v1.2.3