From 64ad31ab4f8c01ee120e01c4ec094a194dd5710d Mon Sep 17 00:00:00 2001
From: Niten
Date: Wed, 4 Nov 2020 12:33:14 -0600
Subject: [PATCH] Fixes to local-network DNS
---
 config/fudo/local-network.nix | 8 ++++----
 hosts/clunk.nix | 8 +++++---
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/config/fudo/local-network.nix b/config/fudo/local-network.nix
index 024b6d5..1b282cd 100644
--- a/config/fudo/local-network.nix
+++ b/config/fudo/local-network.nix
@@ -70,7 +70,7 @@ in {
 enable = mkEnableOption "Enable local network configuration (DHCP & DNS).";
 hosts = mkOption {
- type = with types; loaOf (submodule hostOpts);
+ type = with types; attrsOf (submodule hostOpts);
 default = {};
 description = "A map of hostname => { host_attributes }.";
 };
@@ -101,7 +101,7 @@ in {
 };
 aliases = mkOption {
- type = with types; loaOf str;
+ type = with types; attrsOf str;
 default = {};
 description = "A mapping of host-alias => hostname to use on the local network.";
 };
@@ -245,10 +245,10 @@ in {
 listenOn = cfg.dns-serve-ips;
 extraOptions = concatStringsSep "\n" [
 "dnssec-enable yes;"
- "dnssec-validation auto;"
+ "dnssec-validation yes;"
 "auth-nxdomain no;"
 "recursion yes;"
- "allow-recursion { ${cfg.network}; };"
+ "allow-recursion { any; };"
 ];
 zones = [
 {
diff --git a/hosts/clunk.nix b/hosts/clunk.nix
index 8dd89de..b93770a 100644
--- a/hosts/clunk.nix
+++ b/hosts/clunk.nix
@@ -33,7 +33,7 @@ in {
 dns-servers = [ host-internal-ip ];
 gateway = host-internal-ip;
 dhcp-interfaces = [ "intif0" ];
- dns-serve-ips = [ host-internal-ip "127.0.0.1" "127.0.1.1" ];
+ dns-serve-ips = [ host-internal-ip "127.0.0.1" "127.0.1.1" "::1" ];
 # Using a pihole running in docker, see below
 recursive-resolver = "${host-internal-ip} port 5353";
 server-ip = host-internal-ip;
@@ -54,7 +54,7 @@ in {
 firewall = {
 enable = true;
- trustedInterfaces = [ "intif0" ];
+ trustedInterfaces = [ "intif0" "docker0" ];
 };
 interfaces = {
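Review bot: In the `extraOptions` list of `config/fudo/local-network.nix`, `"allow-recursion { any; };"` lets every client that can reach a `listenOn` address use this server for recursion, where the old line limited it to `cfg.network`; if `dns-serve-ips` on any host ever contains an externally reachable address, the server becomes an open resolver that can be abused for amplification. If the aim was to admit loopback or bridge clients, the restriction can stay and BIND's built-in ACLs can be added: `"allow-recursion { ${cfg.network}; localhost; localnets; };"`. Separately, `dnssec-validation yes` needs a manually configured trust anchor, which is not visible in this hunk, whereas `auto` used the built-in root key, so validation may silently stop taking place. The enclosing attribute set starts and ends outside the hunk.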
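Review bot: Adding `"docker0"` to `trustedInterfaces` in `hosts/clunk.nix` makes the firewall accept all traffic arriving on the Docker bridge, so any container attached to it can reach every port the host listens on, not only DNS. Assuming this is the NixOS `networking.firewall` set, a per-interface rule inside `firewall` is narrower, for example `interfaces.docker0.allowedUDPPorts = [ 53 ];` with a matching `allowedTCPPorts`; the ports the container actually needs are not visible here, so confirm them first. A one-line comment naming the container that requires this access would help the next reader. The parent of the `firewall` block is outside the hunk.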
@@ -100,7 +100,9 @@ in {
 enable = true;
 port = 53;
 upstream-dns = [
- "https://cloudflare-dns.com/dns-query"
+ "https://1.1.1.1/dns-query"
+ "https://1.0.0.1/dns-query"
+ #"https://9.9.9.9/dns-query"
 ];
 bootstrap-dns = "1.1.1.1";
 listen-ips = [dns-proxy-ip];
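Review bot: The disabled entry `#"https://9.9.9.9/dns-query"` in `upstream-dns` carries no explanation, so a later reader cannot tell whether it is safe to re-enable; a comment above it such as `# second provider disabled: <reason>` would record that. Both active upstreams now belong to the same provider, which leaves resolution with a single point of failure. With IP-literal URLs, TLS verification depends on the upstream certificate listing those addresses, so a comment on why the hostname form was dropped would be worth adding too. `bootstrap-dns` presumably exists to resolve the upstream hostname and may no longer be needed, but the consuming module is outside this hunk.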