diff options
Diffstat (limited to '')
| -rw-r--r-- | modules/nixos/unbound.nix | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index 2291cc7..79d52eb 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -86,13 +86,16 @@ in { "${ipv6.subnet} allow" ]; - private-domain = cfg.domain; + private-domain = "${cfg.domain}."; private-address = with config.nixfiles.modules.wireguard; [ ipv4.subnet ipv6.subnet ]; - domain-insecure = cfg.domain; + cache-min-ttl = 0; + + serve-expired = true; + serve-expired-reply-ttl = 0; prefetch = true; prefetch-key = true; @@ -123,6 +126,8 @@ in { }; }; + enableRootTrustAnchor = true; + localControlSocketPath = "/run/unbound/unbound.socket"; }; @@ -174,5 +179,7 @@ in { wantedBy = ["timers.target"]; }; }; + + boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3; }; } |