diff options
| author | Alan Pearce | 2024-04-16 08:46:49 +0200 |
|---|---|---|
| committer | Alan Pearce | 2024-04-16 08:46:49 +0200 |
| commit | 6df345e70bd0c6180bc1711e0f4b7ab3fb564f25 (patch) | |
| tree | e9dc0c4be852d2e833f26ba22b4cb27c15f818c4 | |
| parent | 3f4828bd28af16177d2157ecd6c989a989f0b672 (diff) | |
| download | nixfiles-6df345e70bd0c6180bc1711e0f4b7ab3fb564f25.tar.lz nixfiles-6df345e70bd0c6180bc1711e0f4b7ab3fb564f25.tar.zst nixfiles-6df345e70bd0c6180bc1711e0f4b7ab3fb564f25.zip | |
Update dns server block lists
| -rw-r--r-- | system/linde.nix | 5 | ||||
| -rwxr-xr-x | system/nanopi.nix | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/system/linde.nix b/system/linde.nix index edccf22f..10425754 100644 --- a/system/linde.nix +++ b/system/linde.nix @@ -431,6 +431,11 @@ in -- true -- will watch the file for updates )) + policy.add(policy.domains(policy.REFUSE, policy.todnames({ + 'use-application-dns.net', + 'telemetry.astro.build', + }))) + -- disable DNSSEC when using Quad9 since they do it -- trust_anchors.remove('.') -- policy.add(policy.all(policy.TLS_FORWARD({ diff --git a/system/nanopi.nix b/system/nanopi.nix index 0df57316..2d3551a4 100755 --- a/system/nanopi.nix +++ b/system/nanopi.nix @@ -850,6 +850,11 @@ in {'2620:fe::fe:11', hostname='dns11.quad9.net'} }))) + policy.add(policy.domains(policy.REFUSE, policy.todnames({ + 'use-application-dns.net', + 'telemetry.astro.build', + }))) + -- policy.add(policy.rpz( -- policy.DENY_MSG('domain blocked by hblock'), -- '/etc/knot-resolver/blocklist.rpz', |