nixos/profiles/systemd-resolved.nix

   1 { pkgs, lib, config, ... }:
   2 {
   3   services.resolved = { enable = true;
   4     domains = [ "~." ];
   5     fallbackDns = [ "" ];
   6     dnssec = "true";
   7     dnsovertls = lib.mkDefault "false";
   8     # Deprecated in favor of MulticastDNS
   9     llmnr = "false";
  10     extraConfig = lib.mkDefault ''
  11       MulticastDNS=false
  12     '';
  13   };
  14   networking.nftables.ruleset = ''
  15     table inet filter {
  16       chain input-lan {
  17         #udp dport mdns counter accept comment "systemd-resolved: MulticastDNS"
  18       }
  19       chain output-lan {
  20         #skuid ${config.users.users.systemd-resolve.name} udp sport mdns udp dport mdns counter accept comment "MulticastDNS"
  21         #meta l4proto { udp, tcp } th dport domain skuid ${config.users.users.systemd-resolve.name} counter accept comment "systemd-resolved: DNS"
  22       }
  23       chain output-net {
  24         #meta l4proto { udp, tcp } th dport domain skuid ${config.users.users.systemd-resolve.name} counter accept comment "systemd-resolved: DNS"
  25       }
  26     }
  27   '';
  28 }