mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-12-02 13:06:11 +01:00
d5045f7056
Signed-off-by: magic_rb <magic_rb@redalder.org>
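# NixOS module: BIND 9 as a forward-only caching resolver for two local
# networks, with every listed logging category sent to stderr so that systemd
# captures it in the journal.
{
  lib,
  config,
  ...
}: let
  # Logging categories routed to the stderr channel below.
  #
  # - Routing `queries` to a channel turns on query logging unless `querylog`
  #   is set explicitly, so every client lookup (client address + name) lands
  #   in the journal. That is valuable for detection and incident response;
  #   size journald retention for the volume and restrict who can read it.
  # - `sslkeylog` is BIND's category for TLS pre-master secrets (a debugging
  #   aid). NOTE(review): it should stay silent unless key logging is enabled
  #   through the SSLKEYLOGFILE environment variable; verify that variable is
  #   never set for this unit, otherwise key material reaches the journal.
  logCategories = [
    "client"
    "cname"
    "config"
    "database"
    "default"
    "dispatch"
    "dnssec"
    "dnstap"
    "edns-disabled"
    "general"
    "lame-servers"
    "network"
    "notify"
    "nsid"
    "queries"
    "query-errors"
    "rate-limit"
    "resolver"
    "rpz"
    "rpz-passthru"
    "security"
    "serve-stale"
    "spill"
    "sslkeylog"
    "trust-anchor-telemetry"
    "unmatched"
    "update"
    "update-security"
    "xfer-in"
    "xfer-out"
    "zoneload"
  ];
in {
  services.bind = {
    enable = true;

    # "only": no fallback to iterative resolution; every cache miss is sent to
    # the forwarders below, unencrypted, on port 53. Answer integrity therefore
    # rests on `dnssec-validation auto` (which only helps for signed zones).
    forward = "only";
    forwarders = [
      "1.1.1.1 port 53"
      # Fixed: this entry was "1.1.0.0", which is not one of Cloudflare's
      # published resolver addresses (1.1.1.1 / 1.0.0.1) and presumably a
      # transposition. With forward-only, a wrong forwarder either times out
      # or hands client queries to an unintended operator.
      "1.0.0.1 port 53"
    ];

    directory = "/var/lib/bind";

    # Networks allowed to use the cache; the NixOS module turns this list into
    # the `cachenetworks` ACL referenced in extraOptions.
    # NOTE(review): this replaces the module default instead of extending it,
    # so loopback is not listed; confirm the host itself does not need to
    # resolve through 127.0.0.1.
    cacheNetworks = [
      "10.1.0.0/19"
      "192.168.1.0/24"
    ];

    # `severity dynamic` makes the channel follow the server's current debug
    # level instead of a fixed threshold.
    extraConfig = ''
      logging {
        channel stderr_chan {
          print-category yes;
          print-severity yes;

          severity dynamic;

          stderr;
        };
        ${lib.concatMapStringsSep "\n" (category: "category ${category} { stderr_chan; };") logCategories}
      };
    '';

    # - max-cache-size: `512M` is a size (megabytes).
    # - max-ncache-ttl: `1M` is a TTL-style duration (one minute), not a size;
    #   presumably intentional, confirm.
    # - allow-query-cache: limits cache access to the ACL built from
    #   `cacheNetworks`. NOTE(review): some versions of the NixOS bind module
    #   may emit this directive themselves; if named-checkconf reports a
    #   redefinition, drop this line.
    extraOptions = ''
      dnssec-validation auto;
      max-cache-size 512M;
      max-ncache-ttl 1M;
      allow-query-cache { cachenetworks; };

    '';
  };

  # Send named's stderr (the logging channel above) to the systemd journal.
  systemd.services.bind.serviceConfig = {
    StandardError = "journal";
  };
}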