From d03a563188351cbc766cdc1c739cd614da998fe7 Mon Sep 17 00:00:00 2001
From: s0me1newithhand7s
Date: Fri, 29 May 2026 00:06:25 +0300
Subject: [PATCH] feat(ada): dnsproxy init

Signed-off-by: s0me1newithhand7s
---
 ada/networking/nameservers.nix | 24 +----------------
 ada/services/dnsproxy.nix | 43 ++++++++++++++++++++++++++++++
 ada/services/resolved.nix | 48 ++++++++++++++--------------------
 3 files changed, 63 insertions(+), 52 deletions(-)
 create mode 100644 ada/services/dnsproxy.nix

diff --git a/ada/networking/nameservers.nix b/ada/networking/nameservers.nix
index 31726b9..b34e3e9 100644
--- a/ada/networking/nameservers.nix
+++ b/ada/networking/nameservers.nix
@@ -1,29 +1,7 @@
 _: {
 networking = {
 nameservers = [
- # cf dns
- "1.1.1.1"
- "1.0.0.1"
- "2606:4700:4700::1111"
- "2606:4700:4700::1001"
-
- # google dns
- "8.8.8.8"
- "8.8.4.4"
- "2001:4860:4860::8888"
- "2001:4860:4860::8844"
-
- # q9 dns
- "9.9.9.9"
- "149.112.112.112"
- "2620:fe::fe"
- "2620:fe::9"
-
- # open dns
- "208.67.222.222"
- "208.67.220.220"
- "2620:119:35::35"
- "2620:119:53::53"
+ "127.0.0.53"
 ];
 };
 }
diff --git a/ada/services/dnsproxy.nix b/ada/services/dnsproxy.nix
new file mode 100644
index 0000000..8d4e5de
--- /dev/null
+++ b/ada/services/dnsproxy.nix
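Review bot: The new `"127.0.0.53"` entry in nameservers.nix has no comment, whereas the list it replaces labelled every provider. A line such as `# systemd-resolved stub listener; real upstreams are in services/dnsproxy.nix` would tell a reader why a loopback address is now the only nameserver. It is also worth confirming how the NixOS resolved module treats `networking.nameservers`: if it copies this list into resolved's own DNS servers, resolved would be pointed at its own stub, which cannot be ruled out from this hunk.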
@@ -0,0 +1,43 @@
+_: {
+ services = {
+ dnsproxy = {
+ enable = true;
+ settings = {
+ listen-addrs = [
+ "127.0.0.1"
+ "::1"
+ ];
+
+ listen-ports = [
+ 5353
+ ];
+
+ http3 = true;
+ cache = true;
+ cache-size = 4096;
+ all-servers = true;
+ dnssec = true;
+
+ bootstrap = [
+ "1.1.1.1"
+ "8.8.8.8"
+ "9.9.9.9"
+ ];
+
+ upstream = [
+ "https://1.1.1.1/dns-query?host=cloudflare-dns.com"
+ "https://1.0.0.1/dns-query?host=cloudflare-dns.com"
+
+ "https://8.8.8.8/dns-query?host=dns.google"
+ "https://8.8.4.4/dns-query?host=dns.google"
+
+ "https://9.9.9.9/dns-query?quad9.net"
+ "https://149.112.112.112/dns-query?host=quad9.net"
+
+ "https://208.67.222.222/dns-query?host=dns.google"
+ "https://208.67.220.220/dns-query?host=dns.google"
+ ];
+ };
+ };
+ };
+}
diff --git a/ada/services/resolved.nix b/ada/services/resolved.nix
index 8c268e8..6e5a974 100644
--- a/ada/services/resolved.nix
+++ b/ada/services/resolved.nix
@@ -2,38 +2,28 @@ _: {
 services = {
 resolved = {
 enable = true;
- dnsovertls = "true";
- dnssec = "true";
- llmnr = "true";
- domains = [
- "~."
- ];
+ settings = {
+ Resolve = {
+ DNSOverTLS = "false";
+ DNSSEC = "false";
+ LLMNR = "false";
+ MulticastDNS = false;
 
- fallbackDns = [
- # cf dns
- "1.1.1.1"
- "1.0.0.1"
- "2606:4700:4700::1111"
- "2606:4700:4700::1001"
+ DNS = [
+ "127.0.0.1:5353"
+ "[::1]:5353"
+ ];
 
- # google dns
- "8.8.8.8"
- "8.8.4.4"
- "2001:4860:4860::8888"
- "2001:4860:4860::8844"
+ FallbackDNS = [
+ "127.0.0.1:5353"
+ "[::1]:5353"
+ ];
 
- # q9 dns
- "9.9.9.9"
- "149.112.112.112"
- "2620:fe::fe"
- "2620:fe::9"
-
- # open dns
- "208.67.222.222"
- "208.67.220.220"
- "2620:119:35::35"
- "2620:119:53::53"
- ];
+ Domains = [
+ "~."
+ ];
+ };
+ };
 };
 };
 }
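Review bot: Three entries in the `upstream` list of dnsproxy.nix look like copy-paste slips. `"https://9.9.9.9/dns-query?quad9.net"` drops the `host=` key that every other entry carries, and both 208.67.x.x entries (OpenDNS, per the comments removed from nameservers.nix) say `host=dns.google`. Whatever consumes that parameter is not visible here, but if it names the server for certificate or Host matching, these upstreams will fail or be checked against the wrong name. I would write `"https://9.9.9.9/dns-query?host=quad9.net"` and put the OpenDNS name on the last two (`host=doh.opendns.com`, to be confirmed). Separately, `all-servers = true` sends each query to every configured upstream in parallel, as I read dnsproxy's option, so every lookup is disclosed to all four operators; a comment saying this trade-off is intended would help.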
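Review bot: With `DNSSEC = "false";` in resolved.nix, nothing on the host appears to validate signatures any more. The removed `dnssec = "true";` made resolved validate, while dnsproxy's `dnssec = true` only requests DNSSEC records and does not verify them, as far as I know. resolved now trusts whatever answers on `127.0.0.1:5353` / `[::1]:5353`, an unprivileged port that any local process can bind whenever dnsproxy is not running. Consider keeping `DNSSEC = "true";` in resolved, or moving dnsproxy to a privileged port. `FallbackDNS` repeats `DNS`, so it adds no fallback; if failing closed is the intent, a comment such as `# no plaintext fallback on purpose: resolution fails if dnsproxy is down` would make that explicit.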