-rw-r--r--system/nano.nix20
1 files changed, 10 insertions, 10 deletions
diff --git a/system/nano.nix b/system/nano.nix
index d8f151e0..b9f32eaa 100644
--- a/system/nano.nix
+++ b/system/nano.nix
@@ -59,11 +59,11 @@ in
       "fd7a:115c:a1e0::53" = [ "tailscale" "ts" ];
       "192.168.100.1" = [ "modem" "pyur" ];
     };
-    nameservers = [
-      "2620::fe:fe"
-      "2620::fe:9"
-      "9.9.9.9"
-      "149.112.112.112"
+    nameservers = map (ns: "${ns}#dns11.quad9.net") [
+      "9.9.9.11"
+      "149.112.112.11"
+      "2620:fe::11"
+      "2620:fe::fe:11"
     ];
     firewall = {
       trustedInterfaces = [
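Review bot: The `#dns11.quad9.net` suffix added by the `map` puts `networking.nameservers` into systemd-resolved's address-plus-TLS-server-name syntax, so any other consumer of this option that expects bare IP addresses will get strings it cannot parse. The commit removes the dnsmasq use further down, but a comment at the list would stop a later edit from reintroducing one, for example `# resolved "IP#SNI" form; the name is verified against the DoT certificate, do not pass to tools expecting plain IPs`. The .11 Quad9 endpoints are also the variant that forwards EDNS Client Subnet data, a privacy trade-off against the .9 addresses being replaced that deserves a word in the same comment. The enclosing attribute set starts and ends outside this hunk.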
@@ -141,6 +141,9 @@ in
           IPv4Forwarding = true;
           LLMNR = false;
           MulticastDNS = false;
+          DNSDefaultRoute = true;
+          DNS = config.networking.nameservers;
+          DNSOverTLS = true;
         };
         dhcpV4Config = {
           UseDNS = false;
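Review bot: `DNSOverTLS = true;` is set only on this one network, while the `services.resolved` block visible later in the diff sets no global equivalent. If the NixOS resolved module copies `networking.nameservers` into the global `DNS=` of resolved.conf (worth confirming for the nixpkgs version in use), the same Quad9 addresses also exist as global servers governed by the global DNS-over-TLS setting, and lookups sent through that scope would not be forced onto TLS. Adding `dnsovertls = "true";` to `services.resolved` would make strict mode the default for every scope. The network definition edited here begins and ends outside the hunk.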
@@ -180,13 +183,12 @@ in
   services.resolved = {
     enable = true;
     llmnr = "false";
-    fallbackDns = config.networking.nameservers;
   };
 
   services.dnsmasq = {
     enable = dnsmasqEnable;
     alwaysKeepRunning = true;
-    resolveLocalQueries = true;
+    resolveLocalQueries = false;
     settings = {
       inherit domain;
       interface = lan;
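Review bot: Deleting `fallbackDns` from `services.resolved` does not switch fallback off. As far as I know the option then defaults to null and systemd's compiled-in fallback resolver list applies, which is a different set of operators from the one chosen in `networking.nameservers`. Fallback servers are only consulted when no other server is configured, so this is defence in depth, but `fallbackDns = [ ];` states the intent that nothing except the Quad9 DoT endpoints is ever queried. The `services.dnsmasq` block continues past the end of this hunk.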
@@ -204,9 +206,7 @@ in
       quiet-ra = true;
       enable-ra = true;
 
-      dnssec = true;
-      trust-anchor = ".,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
-      server = config.networking.nameservers;
+      server = [ "127.0.0.53" ];
 
       expand-hosts = true;
       localise-queries = true;
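Review bot: Removing `dnssec = true;` and the root `trust-anchor` takes local DNSSEC validation out of dnsmasq, and the `services.resolved` block shown in this diff sets only `enable` and `llmnr`, so no validating component is visibly left on the router. LAN clients forwarded to `127.0.0.53` would then depend on Quad9's upstream validation, protected in transit by DoT but not checked locally. If local validation is still wanted, `dnssec = "true";` in `services.resolved` restores it on the resolved side; the option's default differs between nixpkgs releases, so setting it explicitly is safer than relying on it. The `settings` attribute set starts and ends outside this hunk.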