configure encrypted dns

Daniel Langbein 2024-10-07 12:47:50 +02:00
parent dcda81fe98
commit b8337cd7bf
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002


@ -13,8 +13,10 @@
# Encrypted, anonymized DNS queries.
#
# NixOS networking options: https://nixos.wiki/wiki/Encrypted_DNS#Setting_nameservers
# Exmaple dnscrypt-proxy config: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
# NixOS networking options:
# https://nixos.wiki/wiki/Encrypted_DNS#Setting_nameservers
# Exmaple dnscrypt-proxy config:
# https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
# NixOS config examples:
# https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2
# https://github.com/LudovicoPiero/dotfiles/blob/338b0585d195e6644df9bf8b63fd574af7c18e26/cells/workstations/nixosProfiles/dnscrypt2/default.nix
@ -33,6 +35,10 @@
# don't use adguard and ffmuc DNS servers
# Firefox use system DNS
# TODO Does not work on some WiFi netowrks, e.g. Fritz!Box Guest WiFi
# https://docs.pi-hole.net/routers/fritzbox/
# The Fritz!Box always sets its own IP as DNS server for the guest network.
networking.nameservers = [
# IPv4
"127.0.0.1"
@ -71,6 +77,36 @@
# Only enable if you don't have a lot of network load.
#dnscrypt_ephemeral_keys = false
# The cipher suite can't be changed for TLS 1.3 connections, see
# https://github.com/dnscrypt/dnscrypt-proxy/wiki/Performance#cipher-suites-doh
# https://github.com/DNSCrypt/dnscrypt-proxy/issues/2359#issuecomment-1488501839
#tls_cipher_suite = ...
bootstrap_resolvers = [
#
# Local DNS servers
#
# DNS server of Fritz!Box guest WiFi
"192.168.179.1:53"
#
# Public DNS servers
#
# https://www.kuketz-blog.de/empfehlungsecke/#dns
# dot.ffmuc.net (supports DNSSEC)
"5.1.66.255:53" "185.150.99.255:53"
# https://www.kuketz-blog.de/empfehlungsecke/#dns
# unfiltered.adguard-dns.com (supports DNSSEC)
"94.140.14.140:853" "94.140.14.141:853"
"9.9.9.11:53" # Quad9
"1.1.1.1:53" # Cloudflare
"8.8.8.8:53" # Google
];
# Use servers reachable over IPv4.
ipv4_servers = true;
# Use servers reachable over IPv6.