From 4d6c618cbc204acd0df7c3cda394d73c4c12dd8a Mon Sep 17 00:00:00 2001 From: s0me1newithhand7s Date: Sun, 3 May 2026 16:00:06 +0300 Subject: [PATCH] kyra(hardening): resolved is now using hickory selfhosted Signed-off-by: s0me1newithhand7s --- kyra/services/resolved.nix | 57 +++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/kyra/services/resolved.nix b/kyra/services/resolved.nix index ad91e2a..f97c61f 100644 --- a/kyra/services/resolved.nix +++ b/kyra/services/resolved.nix @@ -2,38 +2,39 @@ _: { services = { resolved = { enable = true; - dnsovertls = toString true; - dnssec = toString true; - llmnr = toString true; - domains = [ - "~." - ]; + settings = { + Resolve = { + DNSOverTLS = true; + DNSSEC = true; + Domains = [ + "~." + ]; - fallbackDns = [ - # cf dns - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" + DNS = [ + # hand7s dns + "127.0.0.1#dns.hand7s.org" + "::1#dns.hand7s.org" - # google dns - "8.8.8.8" - "8.8.4.4" - "2001:4860:4860::8888" - "2001:4860:4860::8844" + # cf dns + "1.1.1.1#cloudflare-dns.com" + "1.0.0.1#cloudflare-dns.com" + "2606:4700:4700::1111#cloudflare-dns.com" + "2606:4700:4700::1001#cloudflare-dns.com" - # q9 dns - "9.9.9.9" - "149.112.112.112" - "2620:fe::fe" - "2620:fe::9" + # google dns + "8.8.8.8#dns.google" + "8.8.4.4#dns.google" + "2001:4860:4860::8888#dns.google" + "2001:4860:4860::8844#dns.google" - # open dns - "208.67.222.222" - "208.67.220.220" - "2620:119:35::35" - "2620:119:53::53" - ]; + # q9 dns + "9.9.9.9#dns.quad9.net" + "149.112.112.112#dns.quad9.net" + "2620:fe::fe#dns.quad9.net" + "2620:fe::9#dns.quad9.net" + ]; + }; + }; }; }; }