nixos/services/bind.nix

37 lines
606 B
Nix

# This Configuration is meant for local DNS setups only!
{
options,
config,
lib,
fn,
pkgs,
...
}:
with builtins;
with lib;
let
cfg = config.machine;
in
mkIf (elem "bind" cfg.services) {
services.bind = {
enable = true;
listenOn = [ "127.0.0.1" ];
forwarders = [
# Cloudflare CDN
"1.1.1.1"
"1.0.0.1"
#CCC DNS
"204.152.184.76"
"159.203.38.175"
"207.148.83.241"
];
# TODO: add DNSSEC
extraOptions = ''
dnssec-validation auto;
recursion yes;
allow-recursion { 127.0.0.1; };
version none;
'';
};
}