Update dns server block lists
Alan Pearce alan@alanpearce.eu
Tue, 16 Apr 2024 08:46:49 +0200
2 files changed, 10 insertions(+), 0 deletions(-)
M system/linde.nix → system/linde.nix
@@ -431,6 +431,11 @@ false -- needs wrapped kresd -- true -- will watch the file for updates )) + policy.add(policy.domains(policy.REFUSE, policy.todnames({ + 'use-application-dns.net', + 'telemetry.astro.build', + }))) + -- disable DNSSEC when using Quad9 since they do it -- trust_anchors.remove('.') -- policy.add(policy.all(policy.TLS_FORWARD({
M system/nanopi.nix → system/nanopi.nix
@@ -850,6 +850,11 @@ {'2620:fe::11', hostname='dns11.quad9.net'}, {'2620:fe::fe:11', hostname='dns11.quad9.net'} }))) + policy.add(policy.domains(policy.REFUSE, policy.todnames({ + 'use-application-dns.net', + 'telemetry.astro.build', + }))) + -- policy.add(policy.rpz( -- policy.DENY_MSG('domain blocked by hblock'), -- '/etc/knot-resolver/blocklist.rpz',