dotfiles/system/nixos/unbound.nix

# NixOS module: a loopback-only Unbound instance on a non-standard port, with
# reverse-lookup zones forwarded to two internal resolvers.
{ lib, ... }:
let
  # Resolver for the 100.64.0.0/10 and fd7a:115c:a1e0::/96 reverse zones.
  # NOTE(review): presumably Tailscale's MagicDNS address; confirm.
  overlayResolver = "100.100.100.100";

  # Resolver that receives every other IPv4 reverse lookup.
  lanResolver = "10.0.0.1";

  # Build one forward-zone entry.
  forwardTo = resolver: zone: {
    name = zone;
    forward-addr = resolver;
  };

  # 64.100.in-addr.arpa. through 127.100.in-addr.arpa., i.e. the reverse zones
  # that together cover 100.64.0.0/10.
  cgnatReverseZones =
    map (octet: "${toString octet}.100.in-addr.arpa.") (lib.range 64 127);
in
{
  services.unbound = {
    enable = true;
    # Leave the host's own resolver configuration alone. Together with the
    # loopback listener on port 6053, this suggests another local DNS service
    # sits in front of Unbound; confirm against the rest of the system config.
    resolveLocalQueries = false;

    settings = {
      server = {
        # Listen on loopback only, so the resolver is unreachable from the network.
        interface = [ "127.0.0.1" ];
        port = 6053;
        verbosity = 0;

        do-ip4 = true;
        do-ip6 = true;
        do-udp = true;
        do-tcp = true;

        # Hardening: accept glue only within the delegating server's authority,
        # and treat a signed zone whose DNSSEC data is missing as bogus.
        harden-glue = true;
        harden-dnssec-stripped = true;
        # 0x20 query-name case randomisation is off, which gives up one
        # anti-spoofing measure. NOTE(review): confirm this is deliberate
        # (it is commonly disabled for upstream compatibility).
        use-caps-for-id = false;

        # 1232 bytes keeps UDP responses below common fragmentation limits.
        edns-buffer-size = 1232;
        num-threads = 1;
        so-rcvbuf = "1m";

        # Drop Unbound's built-in blocking of private-range reverse zones so
        # the forward-zones below can serve them, and skip DNSSEC validation
        # for those zones. Answers for them are therefore only as trustworthy
        # as the forwarders and the network path to them.
        unblock-lan-zones = true;
        insecure-lan-zones = true;

        # DNS-rebinding protection: addresses in these ranges are stripped
        # from answers unless the name is explicitly allowed elsewhere.
        private-address = [
          "192.168.0.0/16"
          "169.254.0.0/16"
          "172.16.0.0/12"
          "10.0.0.0/8"
          "100.64.0.0/10"
          "fd00::/8"
          "fe80::/10"
          # Already covered by fd00::/8 above; listed explicitly.
          "fd7a:115c:a1e0::/96"
        ];
      };

      forward-zone =
        map (forwardTo overlayResolver) cgnatReverseZones
        ++ [
          (forwardTo overlayResolver
            "0.0.0.0.0.0.0.0.0.0.0.0.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.")
          # NOTE(review): this zone is all of in-addr.arpa, so PTR queries for
          # public IPv4 addresses also go to lanResolver over plain DNS, not
          # only those for LAN ranges. If only private ranges are intended,
          # narrow it to the RFC 1918 reverse zones; confirm intent.
          (forwardTo lanResolver "in-addr.arpa.")
        ];
    };
  };
}