about summary refs log tree commit diff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--lib/dns.nix92
1 files changed, 56 insertions, 36 deletions
diff --git a/lib/dns.nix b/lib/dns.nix
index da1f1f2..c0e4641 100644
--- a/lib/dns.nix
+++ b/lib/dns.nix
@@ -1,46 +1,66 @@
 { lib, inputs, ... }:
 with lib;
 recursiveUpdate inputs.dns.lib {
+  mkDoT = { ips, tls }: map (ip: "${ip}#${tls}") ips;
+
   const = {
     quad9 = {
-      default = [
-        "9.9.9.9"
-        "149.112.112.112"
-        "2620:fe::fe"
-        "2620:fe::9"
-      ];
-      unsecured = [
-        "9.9.9.10"
-        "149.112.112.10"
-        "2620:fe::10"
-        "2620:fe::fe:10"
-      ];
-      ecs = [
-        "9.9.9.11"
-        "149.112.112.11"
-        "2620:fe::11"
-        "2620:fe::fe:11"
-      ];
+      default = {
+        ips = [
+          "9.9.9.9"
+          "149.112.112.112"
+          "2620:fe::fe"
+          "2620:fe::9"
+        ];
+        tls = "dns.quad9.net";
+      };
+      unsecured = {
+        ips = [
+          "9.9.9.10"
+          "149.112.112.10"
+          "2620:fe::10"
+          "2620:fe::fe:10"
+        ];
+        tls = "dns10.quad9.net";
+      };
+      ecs = {
+        ips = [
+          "9.9.9.11"
+          "149.112.112.11"
+          "2620:fe::11"
+          "2620:fe::fe:11"
+        ];
+        tls = "dns11.quad9.net";
+      };
     };
     cloudflare = {
-      default = [
-        "1.1.1.1"
-        "1.0.0.1"
-        "2606:4700:4700::1111"
-        "2606:4700:4700::1001"
-      ];
-      blocking = [
-        "1.1.1.2"
-        "1.0.0.2"
-        "2606:4700:4700::1112"
-        "2606:4700:4700::1002"
-      ];
-      blockingPlus = [
-        "1.1.1.3"
-        "1.0.0.3"
-        "2606:4700:4700::1113"
-        "2606:4700:4700::1003"
-      ];
+      default = {
+        ips = [
+          "1.1.1.1"
+          "1.0.0.1"
+          "2606:4700:4700::1111"
+          "2606:4700:4700::1001"
+        ];
+        tls = "cloudflare-dns.com";
+      };
+      security = {
+        ips = [
+          "1.1.1.2"
+          "1.0.0.2"
+          "2606:4700:4700::1112"
+          "2606:4700:4700::1002"
+        ];
+        tls = "security.cloudflare-dns.com";
+      };
+      family = {
+        ips = [
+          "1.1.1.3"
+          "1.0.0.3"
+          "2606:4700:4700::1113"
+          "2606:4700:4700::1003"
+        ];
+        tls = "family.cloudflare-dns.com";
+      };
     };
   };
 }

Consider giving Nix/NixOS a try! <3