ahmed: Add local DNS resolver

author: Linnnus <[email protected]> 2025-03-16 01:31:23 +0100
committer: Linnnus <[email protected]> 2025-03-16 01:35:09 +0100
commit: 0df552f2ee09f04fcb2f70ca749483a3280189cb (patch)
tree: 121b2e543ecd421b0a217272ae10979eb5d3f510 /hosts
parent: e3f1fecf77c1288bd2cbdd0f9999d3685f974329 (diff)
2 files changed, 32 insertions, 0 deletions
diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index 25eb336..9bd394f 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -23,6 +23,7 @@
     ./dyndns
     ./minecraft
     ./nginx
+    ./dns
   ];
 
   # Create the main user.
diff --git a/hosts/ahmed/dns/default.nix b/hosts/ahmed/dns/default.nix
new file mode 100644
index 0000000..35360f7
--- /dev/null
+++ b/hosts/ahmed/dns/default.nix
@@ -0,0 +1,31 @@
+{metadata, ...}: {
+  services.dnscache = {
+    enable = true;
+    clientIps = [
+      "192.168" # LAN
+      "127.0.0.1" # Local connections
+    ];
+
+    domainServers = {
+      "internal" = ["127.0.0.1"];
+    };
+  };
+
+  services.tinydns = {
+    enable = true;
+
+    # We will only listen for internal queries from the DNS cache.
+    ip = "127.0.0.1";
+
+    data = ''
+      .internal:127.0.0.1:a
+      =ahmed.internal:${metadata.hosts.ahmed.ipAddress}
+      =muhammed.internal:${metadata.hosts.muhammed.ipAddress}
+    '';
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [53];
+    allowedUDPPorts = [53];
+  };
+}
author	Linnnus <[email protected]>	2025-03-16 01:31:23 +0100
committer	Linnnus <[email protected]>	2025-03-16 01:35:09 +0100
commit	0df552f2ee09f04fcb2f70ca749483a3280189cb (patch)
tree	121b2e543ecd421b0a217272ae10979eb5d3f510 /hosts
parent	e3f1fecf77c1288bd2cbdd0f9999d3685f974329 (diff)