feat(ada): dnsproxy init

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-05-29 00:06:25 +03:00 · 2026-05-29 00:06:25 +03:00 · d03a563188
commit d03a563188
parent f6a3e5e9d7
3 changed files with 63 additions and 52 deletions
--- a/ada/networking/nameservers.nix
+++ b/ada/networking/nameservers.nix
@ -1,29 +1,7 @@
 _: {
  networking = {
    nameservers = [
-      # cf dns
-      "1.1.1.1"
-      "1.0.0.1"
-      "2606:4700:4700::1111"
-      "2606:4700:4700::1001"
-
-      # google dns
-      "8.8.8.8"
-      "8.8.4.4"
-      "2001:4860:4860::8888"
-      "2001:4860:4860::8844"
-
-      # q9 dns
-      "9.9.9.9"
-      "149.112.112.112"
-      "2620:fe::fe"
-      "2620:fe::9"
-
-      # open dns
-      "208.67.222.222"
-      "208.67.220.220"
-      "2620:119:35::35"
-      "2620:119:53::53"
+      "127.0.0.53"
    ];
  };
 }
--- a/ada/services/dnsproxy.nix
+++ b/ada/services/dnsproxy.nix
@ -0,0 +1,43 @@
+_: {
+  services = {
+    dnsproxy = {
+      enable = true;
+      settings = {
+        listen-addrs = [
+          "127.0.0.1"
+          "::1"
+        ];
+
+        listen-ports = [
+          5353
+        ];
+
+        http3 = true;
+        cache = true;
+        cache-size = 4096;
+        all-servers = true;
+        dnssec = true;
+
+        bootstrap = [
+          "1.1.1.1"
+          "8.8.8.8"
+          "9.9.9.9"
+        ];
+
+        upstream = [
+          "https://1.1.1.1/dns-query?host=cloudflare-dns.com"
+          "https://1.0.0.1/dns-query?host=cloudflare-dns.com"
+
+          "https://8.8.8.8/dns-query?host=dns.google"
+          "https://8.8.4.4/dns-query?host=dns.google"
+
+          "https://9.9.9.9/dns-query?quad9.net"
+          "https://149.112.112.112/dns-query?host=quad9.net"
+
+          "https://208.67.222.222/dns-query?host=dns.google"
+          "https://208.67.220.220/dns-query?host=dns.google"
+        ];
+      };
+    };
+  };
+}
--- a/ada/services/resolved.nix
+++ b/ada/services/resolved.nix
@ -2,38 +2,28 @@ _: {
  services = {
    resolved = {
      enable = true;
-      dnsovertls = "true";
-      dnssec = "true";
-      llmnr = "true";
-      domains = [
-        "~."
-      ];
+      settings = {
+        Resolve = {
+          DNSOverTLS = "false";
+          DNSSEC = "false";
+          LLMNR = "false";
+          MulticastDNS = false;

-      fallbackDns = [
-        # cf dns
-        "1.1.1.1"
-        "1.0.0.1"
-        "2606:4700:4700::1111"
-        "2606:4700:4700::1001"
+          DNS = [
+            "127.0.0.1:5353"
+            "[::1]:5353"
+          ];

-        # google dns
-        "8.8.8.8"
-        "8.8.4.4"
-        "2001:4860:4860::8888"
-        "2001:4860:4860::8844"
+          FallbackDNS = [
+            "127.0.0.1:5353"
+            "[::1]:5353"
+          ];

-        # q9 dns
-        "9.9.9.9"
-        "149.112.112.112"
-        "2620:fe::fe"
-        "2620:fe::9"
-
-        # open dns
-        "208.67.222.222"
-        "208.67.220.220"
-        "2620:119:35::35"
-        "2620:119:53::53"
-      ];
+          Domains = [
+            "~."
+          ];
+        };
+      };
    };
  };
 }