From 6f9a7ffdaf62ec53378a8bd0a2f11737731069fe Mon Sep 17 00:00:00 2001
From: Miraty
Date: Sat, 27 Jan 2024 15:04:34 +0100
Subject: [PATCH] =?UTF-8?q?systemd-resolved=20=E2=86=92=20knot-resolver?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 mkosi.conf | 1 +
 mkosi.extra/etc/knot-resolver/kresd.conf | 19 +++++++++++++++++++
 mkosi.extra/etc/resolv.conf | 2 +-
 mkosi.extra/srv/servnest/core | 2 +-
 mkosi.finalize | 1 +
 5 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 mkosi.extra/etc/knot-resolver/kresd.conf
diff --git a/mkosi.conf b/mkosi.conf
index 1769a81..69e3e31 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -19,6 +19,7 @@ Packages =
 sudo
 git
 sqlite3
+ knot-resolver
 man-db
 curl
 lsof
diff --git a/mkosi.extra/etc/knot-resolver/kresd.conf b/mkosi.extra/etc/knot-resolver/kresd.conf
new file mode 100644
index 0000000..f03e27c
--- /dev/null
+++ b/mkosi.extra/etc/knot-resolver/kresd.conf
@@ -0,0 +1,19 @@
+net.listen('127.0.0.50', 53, { kind = 'dns', freebind = true })
+
+-- Load useful modules
+modules = {
+ 'hints > iterate', -- Allow loading /etc/hosts or custom root hints
+ 'stats', -- Track internal statistics
+ 'predict', -- Prefetch expiring/frequent records
+}
+
+-- Forward requests to those resolvers over TLS
+policy.TLS_FORWARD({
+ -- UncensoredDNS
+ {'2a01:3a0:53:53::', hostname='unicast.uncensoreddns.org'},
+ {'89.233.43.71', hostname='unicast.uncensoreddns.org'},
+ {'2001:67c:28a4::', hostname='anycast.uncensoreddns.org'},
+ {'91.239.100.100', hostname='anycast.uncensoreddns.org'},
+})
+
+cache.size = 100 * MB
diff --git a/mkosi.extra/etc/resolv.conf b/mkosi.extra/etc/resolv.conf
index 5c089d6..4b601b6 100644
--- a/mkosi.extra/etc/resolv.conf
+++ b/mkosi.extra/etc/resolv.conf
@@ -1 +1 @@
-nameserver 127.0.0.53
+nameserver 127.0.0.50
diff --git a/mkosi.extra/srv/servnest/core b/mkosi.extra/srv/servnest/core
index 808de3f..7330f3a 160000
--- a/mkosi.extra/srv/servnest/core
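Review bot: In the kresd.conf hunk, `policy.TLS_FORWARD({ ... })` is called as a bare statement, which in Knot Resolver's Lua configuration only builds the forwarding action and discards it. No rule is registered, so kresd would keep resolving iteratively over plaintext instead of sending queries to the UncensoredDNS servers over TLS. Wrap the call in a rule, i.e. open with `policy.add(policy.all(policy.TLS_FORWARD({` and close with `})))`. Because /etc/resolv.conf now points only at 127.0.0.50, it is worth checking on a built image that upstream DNS traffic actually leaves on port 853 rather than port 53.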
+++ b/mkosi.extra/srv/servnest/core
@@ -1 +1 @@
-Subproject commit 808de3fdbfb87630970ddcdb49cfd14c7ba3c127
+Subproject commit 7330f3a7699b107de2df8547cc42af93f6a93fc3
diff --git a/mkosi.finalize b/mkosi.finalize
index bd4c109..75e0edf 100755
--- a/mkosi.finalize
+++ b/mkosi.finalize
@@ -18,4 +18,5 @@ if [[ $OS = "arch" ]]; then systemctl enable php-fpm fi +systemctl enable kresd@0 systemctl enable sftpgo