1 files changed, 9 insertions, 2 deletions

diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index 2291cc7..79d52eb 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -86,13 +86,16 @@ in {
                 "${ipv6.subnet} allow"
               ];
 
-              private-domain = cfg.domain;
+              private-domain = "${cfg.domain}.";
               private-address = with config.nixfiles.modules.wireguard; [
                 ipv4.subnet
                 ipv6.subnet
               ];
 
-              domain-insecure = cfg.domain;
+              cache-min-ttl = 0;
+
+              serve-expired = true;
+              serve-expired-reply-ttl = 0;
 
               prefetch = true;
               prefetch-key = true;
@@ -123,6 +126,8 @@ in {
             };
           };
 
+          enableRootTrustAnchor = true;
+
           localControlSocketPath = "/run/unbound/unbound.socket";
         };
 
@@ -174,5 +179,7 @@ in {
           wantedBy = ["timers.target"];
         };
       };
+
+      boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3;
     };
 }