diff --git a/modules/dns/earth.nix b/modules/dns/earth.nix
index bcf60085..4ab3be48 100644
--- a/modules/dns/earth.nix
+++ b/modules/dns/earth.nix
@@ -1,28 +1,47 @@
 { ... }: let
- DNS = builtins.concatStringsSep " " [
- "2606:4700:4700::1111#one.one.one.one"
- "2606:4700:4700::1001#one.one.one.one"
- "1.1.1.1#one.one.one.one"
- "1.0.0.1#one.one.one.one"
- "2001:4860:4860::8888#dns.google"
- "2001:4860:4860::8844#dns.google"
- "8.8.8.8#dns.google"
- "8.8.4.4#dns.google"
+ Bootstrap = map (x: x + " -bootstrap-dns") [
+ # Cloudflare DNS
+ "2606:4700:4700::1111"
+ "2606:4700:4700::1001"
+ "1.1.1.1"
+ "1.0.0.1"
+
+ # Google DNS
+ "2001:4860:4860::8888"
+ "2001:4860:4860::8844"
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
+
+ DoH = [
+ "https://cloudflare-dns.com/dns-query"
+ "https://dns.google/dns-query"
 ];
 in {
- services.resolved = {
- extraConfig = ''
- DNS=${DNS}
- FallbackDNS=
- Domains=~.
- LLMNR=false
- MulticastDNS=false
- DNSOverTLS=true
- DNSStubListenerExtra=127.0.0.1
- '';
+
+ environment.etc."resolv.conf".text = ''
+ nameserver 127.0.0.1
+ options edns0 trust-ad
+ search .
+ '';
+
+ services = {
+ resolved.enable = false;
+ smartdns = {
+ enable = true;
+ settings = {
+ bind = "127.0.0.1:53";
+ dualstack-ip-selection = true;
+ log-syslog = true;
+ prefetch-domain = true;
+ server = Bootstrap;
+ server-https = DoH;
+ speed-check-mode = "ping";
+ };
+ };
 };
 }
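Review bot: The eight addresses in `Bootstrap` are handed to `server` as plain port-53 upstreams, and nothing visible here keeps them out of the default group, so ordinary lookups may go out in cleartext next to the DoH servers. That would be a step down from the removed `DNSOverTLS=true` with an empty `FallbackDNS=`. If they are only meant to resolve the two DoH hostnames, say so in the flag string, `map (x: x + " -bootstrap-dns -exclude-default-group")`, after confirming how the packaged smartdns version treats `-bootstrap-dns`. Separately, `options edns0 trust-ad` tells glibc to trust the AD bit from 127.0.0.1, yet no DNSSEC validation is configured in these settings; `options edns0` is the safer line unless validation is enabled elsewhere.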