kyra(hardening): hickory-dns init

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-05-03 15:58:23 +03:00 · 2026-05-03 15:58:23 +03:00 · 614e2c804a
commit 614e2c804a
parent e81f4f0829
1 changed files with 58 additions and 0 deletions
--- a/kyra/services/hickory.nix
+++ b/kyra/services/hickory.nix
@ -0,0 +1,58 @@
+_: {
+  services = {
+    hickory-dns = {
+      enable = true;
+      settings = {
+        remote_resolvers = [
+          {
+            socket_addr = "1.1.1.1:853";
+            protocol = "tls";
+            tls_dns_name = "cloudflare-dns.com";
+          }
+
+          {
+            socket_addr = "1.1.1.1:443";
+            protocol = "https";
+            tls_dns_name = "cloudflare-dns.com";
+          }
+
+          {
+            socket_addr = "9.9.9.9:853";
+            protocol = "tls";
+            tls_dns_name = "dns.quad9.net";
+          }
+
+          {
+            socket_addr = "9.9.9.9:443";
+            protocol = "https";
+            tls_dns_name = "dns.quad9.net";
+          }
+
+          {
+            socket_addr = "8.8.8.8:853";
+            protocol = "tls";
+            tls_dns_name = "dns.google";
+          }
+
+          {
+            socket_addr = "8.8.8.8:443";
+            protocol = "https";
+            tls_dns_name = "dns.google";
+          }
+        ];
+
+        listen_addrs_http = [
+          {
+            socket_addr = "[::]:8053";
+          }
+        ];
+
+        listen_addrs_tcp = [
+          {
+            socket_addr = "[::]:8853";
+          }
+        ];
+      };
+    };
+  };
+}