Set up Encrypted DNS resolver

2023-07-27 01:14:36 +02:00 · 2023-07-27 01:14:36 +02:00 · 0a3bcc27ad
parent 477b5abfa8
commit 0a3bcc27ad
1 changed files with 19 additions and 1 deletions
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -112,7 +112,7 @@ in {
      listen-address = [ "127.0.0.1" "192.168.13.2" "10.8.0.1" ];
      bind-interfaces = true;
-      server = [ "51.158.108.203" "137.220.55.93" ];
+      server = [ "127.0.0.1#43" ];
      cache-size = 10000;
      local-ttl = 300;
@ -123,4 +123,22 @@ in {
    };
  };
  # Encrypted DNS
  services.dnscrypt-proxy2 = {
    enable = true;
    settings = {
      ipv6_servers = false;
      require_dnssec = true;
      listen_addresses = [ "127.0.0.1:43" ];
      sources.public-resolvers = {
        urls = [
          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
        ];
        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
        minisign_key =
          "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
      };
    };
  };
 }