author | Ben Sima <ben@bsima.me> | 2022-08-25 08:56:43 -0400 |
committer | Ben Sima <ben@bsima.me> | 2022-08-25 08:56:43 -0400 |
commit | e96c147896f12e2f5c171f980b2d2d84407fdb3c (patch) | |
tree | 01889339c3ef865ef3517b7388b56c049e0de2c0 /Biz | |
parent | 2c7a85de18eb46d8afb449e4784720eb7c284e55 (diff) |
Prototype DNS support locally
This works when I route from lithium, including with 'dig', but when I try to
'dig @lithium router.home' from helium, for example, it times out. So my thought
is that the firewall is blocking, but that doesn't seem to be the problem. So
maybe my router is doing something? Hopefully when I migrate this to my APU
router this will all just work, but idk.
Diffstat (limited to 'Biz')
-rw-r--r-- | Biz/Cloud/Ports.nix | 1 | ||||
-rw-r--r-- | Biz/Dev.nix | 1 | ||||
-rw-r--r-- | Biz/Dev/Configuration.nix | 14 | ||||
-rw-r--r-- | Biz/Dev/Dns.nix | 36 | ||||
-rw-r--r-- | Biz/Dev/Home.zone | 23 | ||||
-rw-r--r-- | Biz/Dev/Networking.nix | 12 |
6 files changed, 72 insertions, 15 deletions
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix
index 049ca13..18c5f3a 100644
--- a/Biz/Cloud/Ports.nix
+++ b/Biz/Cloud/Ports.nix
@@ -3,6 +3,7 @@
 bitcoind = 8333;
 dandel-rovbur = 8080;
 delugeWeb = 8112;
+ dns = 53;
 dragons = 8095;
 et = 2022;
 gemini = 1965;
diff --git a/Biz/Dev.nix b/Biz/Dev.nix
index c31b004..6be4856 100644
--- a/Biz/Dev.nix
+++ b/Biz/Dev.nix
@@ -11,6 +11,7 @@ bild.os {
 ./Dev/Hardware.nix
 ./Dev/Hoogle.nix
 ./Dev/Networking.nix
+ ./Dev/Dns.nix
 #./Dev/Wireguard.nix # this changed in the upgrade and I can't find docs
 ./Dragons.nix
 # ./Dev/Guix.nix # I need to package a bunch of guile libs first
diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix
index 3560952..4e0a5f8 100644
--- a/Biz/Dev/Configuration.nix
+++ b/Biz/Dev/Configuration.nix
@@ -50,7 +50,7 @@ in {
 virtualisation.docker.enable = true; virtualisation.docker.liveRestore = false;
- virtualisation.libvirtd.enable = true;
+ virtualisation.libvirtd.enable = false;
 virtualisation.virtualbox.host.enable = false; virtualisation.virtualbox.host.headless = false; virtualisation.virtualbox.host.addNetworkInterface = false;
@@ -96,18 +96,6 @@ in {
 services.deluge.openFilesLimit = 10240; services.deluge.web.enable = true;
- services.dnsmasq.enable = true;
- services.dnsmasq.servers = [ "8.8.8.8" ];
- services.dnsmasq.resolveLocalQueries = true;
- services.dnsmasq.extraConfig = ''
- local=/home/
- cache-size=5000
- '';
- networking.extraHosts = ''
- 192.168.0.1 router.home
- 192.168.0.196 lithium.home
- ''; - services.printing.enable = true; services.murmur.enable = true;
diff --git a/Biz/Dev/Dns.nix b/Biz/Dev/Dns.nix
new file mode 100644
index 0000000..e64e114
--- /dev/null
+++ b/Biz/Dev/Dns.nix
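Review bot: Removing `services.dnsmasq.resolveLocalQueries = true` drops whatever made lithium itself resolve through the local server, and nothing in this diff points the host at the new bind instance (for example `networking.nameservers = [ "127.0.0.1" ];`), so the local `dig` working while a LAN client times out may partly reflect a resolver-path difference rather than only the firewall; this is inferred, since the rest of Configuration.nix is outside the hunk. The removed `local=/home/` and `networking.extraHosts` entries are superseded by the new zone, so that part of the removal is consistent. The `virtualisation.libvirtd.enable` flip in the first hunk of this file is unrelated to DNS and would be easier to bisect as its own commit.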
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+
+
+{
+ services.bind = {
+ enable = true;
+ forwarders = [
+ "8.8.8.8"
+ "1.1.1.1"
+ ];
+ cacheNetworks = [
+ "127.0.0.0/8"
+ "192.168.0.0/24"
+ ];
+ extraConfig = ''
+ '';
+ extraOptions = ''
+ dnssec-validation auto;
+ '';
+ zones = [
+ {
+ master = true;
+ name = "home";
+ slaves = [];
+ file = ./Home.zone;
+ }
+ ];
+ };
+
+ #networking.extraHosts = ''
+ # 192.168.0.1 router.home
+ # 192.168.0.196 lithium.home
+ #'';
+
+}
diff --git a/Biz/Dev/Home.zone b/Biz/Dev/Home.zone
new file mode 100644
index 0000000..86d4919
--- /dev/null
+++ b/Biz/Dev/Home.zone
@@ -0,0 +1,23 @@
+;$TTL 3D
+;@ IN SOA home. hostmaster (
+; 1 ; serial
+; 8H ; refresh
+; 2H ; retry
+; 4W ; expire
+; 1D) ; min ttl
+; IN NS ns.home.
+;home. IN A 192.168.0.196
+;router IN A 192.168.0.196
+;
+$TTL 1D
+@ IN SOA ns.home. hostmaster (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Minimum
+@ IN NS ns. ; Name Server for the domain
+@ IN A 192.168.0.196 ;
+example.com. IN A 192.168.0.1 ; test
+router IN A 192.168.0.1 ; IP address for 'router'
+lithium IN A 192.168.0.196 ; my dev server
diff --git a/Biz/Dev/Networking.nix b/Biz/Dev/Networking.nix
index 88ec4fb..721b8bf 100644
--- a/Biz/Dev/Networking.nix
+++ b/Biz/Dev/Networking.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
 let ports = import ../Cloud/Ports.nix;
@@ -34,11 +34,19 @@ in {
 ports.torrents ports.httpdev ];
- allowedUDPPorts = [ ports.murmur ports.et ];
+ allowedUDPPorts = [
+ ports.dns
+ ports.et
+ ports.murmur
+ ];
 allowedUDPPortRanges = [ ports.torrents ]; checkReversePath = false;
+ #extraCommands = lib.mkMerge [ (lib.mkAfter ''
+ # iptables -w -t filter -A nixos-fw -s 192.168.0.0/24 -p udp --dport 53 -i enp1s0 -j nixos-fw-accept
+ # iptables -w -t filter -A nixos-fw -s 192.168.0.0/24 -p tcp --dport 53 -i enp1s0 -j nixos-fw-accept
+ #'') ];
 }; # The global useDHCP flag is deprecated, therefore explicitly set to false here. |
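Review bot: `cacheNetworks` restricts who may use the cache/recursion to loopback and 192.168.0.0/24, but nothing restricts which addresses named binds to, so the authoritative `home` zone is served on every interface the firewall lets port 53 through; the module's `listenOn` option (all addresses unless set) should pin it to the LAN-facing address, e.g. `listenOn = [ "127.0.0.1" "192.168.0.196" ];`, with `listenOnIpv6` set likewise if IPv6 service is not intended. The commented-out `networking.extraHosts` block duplicates the `router` and `lithium` records now in Home.zone and should be deleted rather than kept as dead code. `config`, `lib` and `pkgs` in the argument set are unused, the empty `extraConfig = '' '';` adds nothing, and the three blank lines after the argument set look like a leftover.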
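Review bot: `@ IN NS ns.` names a root-level host `ns.` as the zone's name server, which disagrees with the SOA MNAME `ns.home.`, and neither name has an address record in the zone, so anything that follows the NS gets a name that cannot be resolved; the intended pair is `@ IN NS ns.home.` plus `ns IN A 192.168.0.196`. `example.com. IN A 192.168.0.1 ; test` is out-of-zone data for a zone named `home`; named ignores such records with a warning, so the line never answers anything and should go once the test is done. The commented-out first draft (`;$TTL 3D` through `;router IN A 192.168.0.196`) is dead text that obscures the live records. Separately, `home` is not a reserved suffix; RFC 8375 reserves `home.arpa` for exactly this use, and naming the zone that way avoids collisions with public DNS.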
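Review bot: Only UDP 53 is opened; `ports.dns` is not added to the TCP allow list (outside this hunk, presumably `allowedTCPPorts`), yet DNS falls back to TCP for truncated answers and zone transfers, and the commented-out iptables rules already include the `-p tcp --dport 53` case, so the TCP list needs `ports.dns` as well. `allowedUDPPorts` opens port 53 on every interface, whereas the commented-out rules were scoped to `-s 192.168.0.0/24 -i enp1s0`; `networking.firewall.interfaces.enp1s0.allowedUDPPorts = [ ports.dns ];` keeps the interface scoping without raw iptables. `lib` is added to the argument set only for the `lib.mkMerge` inside the commented-out block, so either finish that block or drop it and the new argument. The enclosing `networking.firewall` attribute set starts before this hunk.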