mirror of
https://codeberg.org/privacy1st/nix-git
synced 2024-12-25 02:56:05 +01:00
configure encrypted dns
This commit is contained in:
parent
dcda81fe98
commit
b8337cd7bf
@ -13,8 +13,10 @@
|
||||
|
||||
# Encrypted, anonymized DNS queries.
|
||||
#
|
||||
# NixOS networking options: https://nixos.wiki/wiki/Encrypted_DNS#Setting_nameservers
|
||||
# Exmaple dnscrypt-proxy config: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
|
||||
# NixOS networking options:
|
||||
# https://nixos.wiki/wiki/Encrypted_DNS#Setting_nameservers
|
||||
# Exmaple dnscrypt-proxy config:
|
||||
# https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
|
||||
# NixOS config examples:
|
||||
# https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2
|
||||
# https://github.com/LudovicoPiero/dotfiles/blob/338b0585d195e6644df9bf8b63fd574af7c18e26/cells/workstations/nixosProfiles/dnscrypt2/default.nix
|
||||
@ -33,6 +35,10 @@
|
||||
# don't use adguard and ffmuc DNS servers
|
||||
# Firefox use system DNS
|
||||
|
||||
# TODO Does not work on some WiFi netowrks, e.g. Fritz!Box Guest WiFi
|
||||
# https://docs.pi-hole.net/routers/fritzbox/
|
||||
# The Fritz!Box always sets its own IP as DNS server for the guest network.
|
||||
|
||||
networking.nameservers = [
|
||||
# IPv4
|
||||
"127.0.0.1"
|
||||
@ -71,6 +77,36 @@
|
||||
# Only enable if you don't have a lot of network load.
|
||||
#dnscrypt_ephemeral_keys = false
|
||||
|
||||
# The cipher suite can't be changed for TLS 1.3 connections, see
|
||||
# https://github.com/dnscrypt/dnscrypt-proxy/wiki/Performance#cipher-suites-doh
|
||||
# https://github.com/DNSCrypt/dnscrypt-proxy/issues/2359#issuecomment-1488501839
|
||||
#tls_cipher_suite = ...
|
||||
|
||||
bootstrap_resolvers = [
|
||||
#
|
||||
# Local DNS servers
|
||||
#
|
||||
|
||||
# DNS server of Fritz!Box guest WiFi
|
||||
"192.168.179.1:53"
|
||||
|
||||
#
|
||||
# Public DNS servers
|
||||
#
|
||||
|
||||
# https://www.kuketz-blog.de/empfehlungsecke/#dns
|
||||
# dot.ffmuc.net (supports DNSSEC)
|
||||
"5.1.66.255:53" "185.150.99.255:53"
|
||||
# https://www.kuketz-blog.de/empfehlungsecke/#dns
|
||||
# unfiltered.adguard-dns.com (supports DNSSEC)
|
||||
"94.140.14.140:853" "94.140.14.141:853"
|
||||
|
||||
"9.9.9.11:53" # Quad9
|
||||
"1.1.1.1:53" # Cloudflare
|
||||
"8.8.8.8:53" # Google
|
||||
|
||||
];
|
||||
|
||||
# Use servers reachable over IPv4.
|
||||
ipv4_servers = true;
|
||||
# Use servers reachable over IPv6.
|
||||
|
Loading…
Reference in New Issue
Block a user