router: dns: add more upstream providers; add sysdomain hosts for truenas, debbi, etappi

2025-03-19 00:29:03 -07:00 · 2025-03-19 00:29:03 -07:00 · ac1f427677
commit ac1f427677
parent c353ec4020
1 changed files with 19 additions and 7 deletions
--- a/hosts/router/dns.nix
+++ b/hosts/router/dns.nix
@ -46,7 +46,15 @@ in
    dns = {
      bootstrap_dns = [ "1.1.1.1" "9.9.9.9" ];
      upstream_dns = [
-        "quic://p0.freedns.controld.com"  # Default upstream
+        # Default upstreams
+        "quic://p0.freedns.controld.com"
+        "tls://one.one.one.one"
+        "tls://dns.quad9.net"
+
+        # Adguard uses upstream and not rewrite rules to resolve cname rewrites,
+        # and obviously my sysdomain entries don't exist in cloudflare.
+        "[/${sysdomain}/][::1]"           # Sys domains to self (for cname rewrites)
+
        "[/${ldomain}/][::1]:1053"        # Local domains to Knot (ddns)
        "[/home/][${ifs.lan.ulaPrefix}::250]"  # .home domains to opnsense (temporary)
      ];
@ -56,26 +64,30 @@ in
      # DNS rewrites
      "|grouter.${domain}^$dnsrewrite=${ifs.lan.ulaAddr}"
      "|pve-1.${sysdomain}^$dnsrewrite=${ifs.lan.p4}.5"
-      "|pve-3.${sysdomain}^$dnsrewrite=${ifs.lan.p4}.7"
      "|pve-1.${sysdomain}^$dnsrewrite=${ifs.lan.ulaPrefix}::5:1"
+      "|pve-3.${sysdomain}^$dnsrewrite=${ifs.lan.p4}.7"
      "|pve-3.${sysdomain}^$dnsrewrite=${ifs.lan.ulaPrefix}::7:1"
+      "|truenas.${sysdomain}^$dnsrewrite=${ifs.lan.p4}.10"
+      "|truenas.${sysdomain}^$dnsrewrite=${ifs.lan.ulaPrefix}::20d0:43ff:fec6:3192"
+      "|debbi.${sysdomain}^$dnsrewrite=${ifs.lan.p4}.11"
+      "|debbi.${sysdomain}^$dnsrewrite=${ifs.lan.ulaPrefix}::11:1"
+      "|etappi.${sysdomain}^$dnsrewrite=${ifs.lan.p4}.12"
+      "|etappi.${sysdomain}^$dnsrewrite=${ifs.lan.ulaPrefix}::12:1"

-      "||lab.${domain}^$dnsrewrite=${ifs.lan.p6}::12:1"
-      "||lab.${domain}^$dnsrewrite=${ifs.lan.p4}.12"
+      # Lab DNS rewrites
+      "||lab.${domain}^$dnsrewrite=etappi.${sysdomain}"

      # Allowed exceptions
      "@@||googleads.g.doubleclick.net"
    ]
      # Alpina DNS rewrites
-      ++ map (host: "${host}${domain}^$dnsrewrite=${ifs.lan.p6}:1cd5:56ff:feec:c74a") alpinaDomains
-      ++ map (host: "${host}${domain}^$dnsrewrite=${ifs.lan.p4}.11") alpinaDomains;
+      ++ map (host: "${host}${domain}^$dnsrewrite=debbi.${sysdomain}") alpinaDomains;
  };

  services.knot.enable = true;
  services.knot.settings = {
    # server.listen = "0.0.0.0@1053";
    server.listen = "::1@1053";
-    # TODO: templates
    zone = [
      {
        domain = ldomain;