From f2aa6e6abf66f0e946c8a1f46ae675360ce24654 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr" <quentin@aristote.fr>
Date: Sun, 21 May 2023 18:59:28 +0200
Subject: config: networking: dns: add oisd blocklist

---
 config/networking/services/dns.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'config/networking')

diff --git a/config/networking/services/dns.nix b/config/networking/services/dns.nix
index 5c06eeb..cce2f17 100644
--- a/config/networking/services/dns.nix
+++ b/config/networking/services/dns.nix
@@ -6,6 +6,7 @@ in {
     enable = true;
     settings = {
       server = {
+        module-config = ''"respip validator iterator"'';
         interface =
           [ "127.0.0.1" "${nets.wan.subnet}.1" "${nets.iot.subnet}.1" ];
         access-control = [
@@ -15,6 +16,9 @@ in {
           "${nets.iot.subnet}.0/24 allow"
         ];
       };
+      rpz = {
+        name = "rpz.oisd.nl";
+      };
     };
   };
 }
-- 
cgit v1.2.3