all repos — nixfiles @ 6df345e70bd0c6180bc1711e0f4b7ab3fb564f25

System and user configuration, managed by nix and home-manager

Update dns server block lists
Alan Pearce alan@alanpearce.eu
Tue, 16 Apr 2024 08:46:49 +0200
commit

6df345e70bd0c6180bc1711e0f4b7ab3fb564f25

parent

3f4828bd28af16177d2157ecd6c989a989f0b672

2 files changed, 10 insertions(+), 0 deletions(-)

jump to
M system/linde.nixsystem/linde.nix
@@ -431,6 +431,11 @@ false -- needs wrapped kresd         -- true -- will watch the file for updates
       ))
 
+      policy.add(policy.domains(policy.REFUSE, policy.todnames({
+        'use-application-dns.net',
+        'telemetry.astro.build',
+      })))
+
       -- disable DNSSEC when using Quad9 since they do it
       -- trust_anchors.remove('.')
       -- policy.add(policy.all(policy.TLS_FORWARD({
M system/nanopi.nixsystem/nanopi.nix
@@ -850,6 +850,11 @@ {'2620:fe::11', hostname='dns11.quad9.net'},         {'2620:fe::fe:11', hostname='dns11.quad9.net'}
       })))
 
+      policy.add(policy.domains(policy.REFUSE, policy.todnames({
+        'use-application-dns.net',
+        'telemetry.astro.build',
+      })))
+
       -- policy.add(policy.rpz(
       -- 	policy.DENY_MSG('domain blocked by hblock'),
       -- 	'/etc/knot-resolver/blocklist.rpz',