# This Configuration is meant for local DNS setups only!
{
  options,
  config,
  lib,
  fn,
  pkgs,
  ...
}:
with builtins;
with lib; let
  cfg = config.machine;
in
  mkIf (elem "bind" cfg.services) {
    services.bind = {
      enable = true;
      listenOn = ["127.0.0.1"];
      forwarders = [
        # Cloudflare CDN
        "1.1.1.1"
        "1.0.0.1"
        #CCC DNS
        "204.152.184.76"
        "159.203.38.175"
        "207.148.83.241"
      ];
      # TODO: add DNSSEC
      extraOptions = ''
        dnssec-validation auto;

        recursion yes;
        allow-recursion { 127.0.0.1; };
        version none;
      '';
    };
  }