feat(ada): dnsproxy init

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-05-29 00:06:25 +03:00 · 2026-05-29 00:06:25 +03:00 · d03a563188
commit d03a563188
parent f6a3e5e9d7
3 changed files with 63 additions and 52 deletions
--- a/ada/networking/nameservers.nix
+++ b/ada/networking/nameservers.nix
@ -1,29 +1,7 @@
 _: {
  networking = {
    nameservers = [
-      # cf dns
+      "127.0.0.53"
      "1.1.1.1"
      "1.0.0.1"
      "2606:4700:4700::1111"
      "2606:4700:4700::1001"
      # google dns
      "8.8.8.8"
      "8.8.4.4"
      "2001:4860:4860::8888"
      "2001:4860:4860::8844"
      # q9 dns
      "9.9.9.9"
      "149.112.112.112"
      "2620:fe::fe"
      "2620:fe::9"
      # open dns
      "208.67.222.222"
      "208.67.220.220"
      "2620:119:35::35"
      "2620:119:53::53"
    ];
  };
 }
--- a/ada/services/dnsproxy.nix
+++ b/ada/services/dnsproxy.nix
@ -0,0 +1,43 @@
 _: {
  services = {
    dnsproxy = {
      enable = true;
      settings = {
        listen-addrs = [
          "127.0.0.1"
          "::1"
        ];
        listen-ports = [
          5353
        ];
        http3 = true;
        cache = true;
        cache-size = 4096;
        all-servers = true;
        dnssec = true;
        bootstrap = [
          "1.1.1.1"
          "8.8.8.8"
          "9.9.9.9"
        ];
        upstream = [
          "https://1.1.1.1/dns-query?host=cloudflare-dns.com"
          "https://1.0.0.1/dns-query?host=cloudflare-dns.com"
          "https://8.8.8.8/dns-query?host=dns.google"
          "https://8.8.4.4/dns-query?host=dns.google"
          "https://9.9.9.9/dns-query?quad9.net"
          "https://149.112.112.112/dns-query?host=quad9.net"
          "https://208.67.222.222/dns-query?host=dns.google"
          "https://208.67.220.220/dns-query?host=dns.google"
        ];
      };
    };
  };
 }
--- a/ada/services/resolved.nix
+++ b/ada/services/resolved.nix
@ -2,38 +2,28 @@ _: {
  services = {
    resolved = {
      enable = true;
-      dnsovertls = "true";
+      settings = {
-      dnssec = "true";
+        Resolve = {
-      llmnr = "true";
+          DNSOverTLS = "false";
-      domains = [
+          DNSSEC = "false";
-        "~."
+          LLMNR = "false";
-      ];
+          MulticastDNS = false;
-      fallbackDns = [
+          DNS = [
-        # cf dns
+            "127.0.0.1:5353"
-        "1.1.1.1"
+            "[::1]:5353"
-        "1.0.0.1"
+          ];
        "2606:4700:4700::1111"
        "2606:4700:4700::1001"
-        # google dns
+          FallbackDNS = [
-        "8.8.8.8"
+            "127.0.0.1:5353"
-        "8.8.4.4"
+            "[::1]:5353"
-        "2001:4860:4860::8888"
+          ];
        "2001:4860:4860::8844"
-        # q9 dns
+          Domains = [
-        "9.9.9.9"
+            "~."
-        "149.112.112.112"
+          ];
-        "2620:fe::fe"
+        };
-        "2620:fe::9"
+      };
        # open dns
        "208.67.222.222"
        "208.67.220.220"
        "2620:119:35::35"
        "2620:119:53::53"
      ];
    };
  };
 }