feat(tyr): harden dns a bit.

CronyAkatsuki 2025-09-28 01:08:57 +02:00
parent 41f4382959
commit efeb9d0f92


@ -14,12 +14,18 @@
"127.0.0.1:553" "127.0.0.1:553"
]; ];
bootstrapDns = [
"tcp+udp:127.0.0.1:553"
];
blocking = { blocking = {
denylists = { denylists = {
"pro" = ["https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/wildcard/pro.txt"]; "pro" = ["https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/wildcard/pro.txt"];
"tif" = ["https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/wildcard/tif.txt"]; "tif" = ["https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/wildcard/tif.txt"];
"fake" = ["https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/wildcard/fake.txt"];
"gambling" = ["https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/wildcard/gambling.txt"];
}; };
clientGroupsBlock.default = ["pro" "tif"]; clientGroupsBlock.default = ["pro" "tif" "fake" "gambling"];
}; };
caching = { caching = {
@ -38,6 +44,14 @@
port = 553; port = 553;
do-ip4 = true; do-ip4 = true;
do-ip6 = false; do-ip6 = false;
access-control = ["127.0.0.1 allow"];
harden-glue = true;
harden-dnssec-stripped = true;
use-caps-for-id = false;
edns-buffer-size = 1232;
hide-identity = true;
hide-version = true;
prefetch = true; prefetch = true;
cache-max-ttl = 60; cache-max-ttl = 60;
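Review bot: `use-caps-for-id = false;` in the second hunk leaves 0x20 query-name case randomisation off, which is already the default for what look like unbound server options, so the line adds nothing to the hardening this commit is about. Either enable it with `use-caps-for-id = true;` or keep it and record the reason next to it, e.g. `# 0x20 randomisation off: <reason, e.g. upstream compatibility>`. `harden-dnssec-stripped = true;` only has an effect while DNSSEC validation is active, and no trust anchor or validator setting is visible in this hunk, so that is worth confirming elsewhere in the file. The enclosing settings block starts and ends outside the hunk.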