# This Configuration is meant for local DNS setups only!
{ options, config, lib, pkgs, ... }:

with builtins;
with lib;

let
  fn = import (../. + (toPath "/fn.nix")) { inherit lib; };
  cfg = config.machine;
in mkIf (elem "bind" cfg.services) {
  services.bind = {
    enable = true;
    listenOn = [ "127.0.0.1" ];
    forwarders = [
      # Cloudflare CDN
      "1.1.1.1" "1.0.0.1"
      #CCC DNS
      "204.152.184.76" "159.203.38.175" "207.148.83.241"
    ];
    # TODO: add DNSSEC
    extraOptions = ''
      dnssec-validation auto;

      recursion yes;
      allow-recursion { 127.0.0.1; };
      version none;
    '';
  };
}