From e17d0d07a586972c1815779e226702f12bd050c9 Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Sun, 28 Sep 2025 12:35:30 +0200
Subject: [PATCH] feat(tyr): enable some more blocky features.

---
 modules/servers/tyr/dns.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/modules/servers/tyr/dns.nix b/modules/servers/tyr/dns.nix
index e2b2983..e2af2ee 100644
--- a/modules/servers/tyr/dns.nix
+++ b/modules/servers/tyr/dns.nix
@@ -14,9 +14,11 @@
         "127.0.0.1:553"
       ];
 
-      bootstrapDns = [
-        "tcp+udp:127.0.0.1:553"
-      ];
+      # For initially solving DoH/DoT Requests when no system Resolver is available.
+      bootstrapDns = {
+        upstream = "https://one.one.one.one/dns-query";
+        ips = ["1.1.1.1" "1.0.0.1"];
+      };
 
       blocking = {
         denylists = {
@@ -32,6 +34,11 @@
         prefetching = true;
         minTime = "1m";
       };
+
+      clientLookup = {
+        upstream = "192.168.0.1";
+        singleNameOrder = [1];
+      };
     };
   };