nixos-config/profiles/servers/stubby.nix

{ config, lib, pkgs, ... }: {
  ## DNS-over-TLS
  services.stubby = {
    enable = true;
    settings = pkgs.stubby.passthru.settingsExample // {
      dnssec = "GETDNS_EXTENSION_TRUE";
      listen_addresses = [ "0::1" "127.0.0.1" ];
      resolution_type = "GETDNS_RESOLUTION_STUB";
      round_robin_upstreams = 1;
      tls_authentication = "GETDNS_AUTHENTICATION_REQUIRED";
      tls_min_version = "GETDNS_TLS1_3";
      upstream_recursive_servers = [
        {
          address_data = "2620:fe::fe";
          tls_auth_name = "dns.quad9.net";
        }
        {
          address_data = "2620:fe::9";
          tls_auth_name = "dns.quad9.net";
        }
        {
          address_data = "9.9.9.9";
          tls_auth_name = "dns.quad9.net";
        }
        {
          address_data = "149.112.112.112";
          tls_auth_name = "dns.quad9.net";
        }
        {
          address_data = "2606:4700:4700::1112";
          tls_auth_name = "cloudflare-dns.com";
        }
        {
          address_data = "2606:4700:4700::1002";
          tls_auth_name = "cloudflare-dns.com";
        }
        {
          address_data = "1.1.1.2";
          tls_auth_name = "cloudflare-dns.com";
        }
        {
          address_data = "1.0.0.2";
          tls_auth_name = "cloudflare-dns.com";
        }
      ];
    };
  };

  networking.nameservers = [ "::1" "127.0.0.1" ];
  services.resolved = {
    enable = true;
    fallbackDns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ];
  };
}
server testing 2022-02-01 05:17:22 +03:00			`{ config, lib, pkgs, ... }: {`
			`## DNS-over-TLS`
			`services.stubby = {`
			`enable = true;`
			`settings = pkgs.stubby.passthru.settingsExample // {`
			`dnssec = "GETDNS_EXTENSION_TRUE";`
			`listen_addresses = [ "0::1" "127.0.0.1" ];`
			`resolution_type = "GETDNS_RESOLUTION_STUB";`
			`round_robin_upstreams = 1;`
			`tls_authentication = "GETDNS_AUTHENTICATION_REQUIRED";`
			`tls_min_version = "GETDNS_TLS1_3";`
			`upstream_recursive_servers = [`
			`{`
			`address_data = "2620:fe::fe";`
			`tls_auth_name = "dns.quad9.net";`
			`}`
			`{`
			`address_data = "2620:fe::9";`
			`tls_auth_name = "dns.quad9.net";`
			`}`
			`{`
			`address_data = "9.9.9.9";`
			`tls_auth_name = "dns.quad9.net";`
			`}`
			`{`
			`address_data = "149.112.112.112";`
			`tls_auth_name = "dns.quad9.net";`
			`}`
			`{`
			`address_data = "2606:4700:4700::1112";`
			`tls_auth_name = "cloudflare-dns.com";`
			`}`
			`{`
			`address_data = "2606:4700:4700::1002";`
			`tls_auth_name = "cloudflare-dns.com";`
			`}`
			`{`
			`address_data = "1.1.1.2";`
			`tls_auth_name = "cloudflare-dns.com";`
			`}`
			`{`
			`address_data = "1.0.0.2";`
			`tls_auth_name = "cloudflare-dns.com";`
			`}`
			`];`
			`};`
			`};`

			`networking.nameservers = [ "::1" "127.0.0.1" ];`
			`services.resolved = {`
			`enable = true;`
			`fallbackDns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ];`
			`};`
			`}`