From de17a48de30d0826b50ee39be6b3cf018e9ed19e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?=
 <geoffrey@frogeye.fr>
Date: Fri, 14 Feb 2025 04:13:44 +0100
Subject: [PATCH] Friendship ended with systemd-resolved. Now dnsmasq is my new
 best friend.

Welp, it was short-lived.
---
 os/dns/default.nix | 36 +++---------------------------------
 1 file changed, 3 insertions(+), 33 deletions(-)

diff --git a/os/dns/default.nix b/os/dns/default.nix
index 0a8749b..0e93a0c 100644
--- a/os/dns/default.nix
+++ b/os/dns/default.nix
@@ -1,43 +1,13 @@
 {
-  config,
   ...
 }:
 {
   config = {
-    services.resolved = {
+    services.dnsmasq = {
       # We want to be able to have two VPNs active at once.
-      # Not an issue for routing, but only systemd-resolved seems to be able to handle
-      # directing DNS requests of an interface search domain the right DNS server.
+      # Not an issue for routing, but we need local DNS with conditional forwarding.
       enable = true;
-      # Note: resolvectl allows to debug DNS issues
-
-      # Don't use Google or CloudFlare servers as a fallback, instead use some from OpenNIC
-      fallbackDns = [
-        # ns1.nl
-        "80.78.132.79"
-        "2a0d:2146:2404::1069"
-        # ns3.de
-        "202.61.197.122"
-        "2a03:4000:59:ef::"
-      ];
+      resolveLocalQueries = true;
     };
-
-    # Shenanigans as it doesn't work out of the box, obviously 🙃
-    nixpkgs.overlays = [
-      (self: super: {
-        # UPST OpenVPN's script has systemd and openresolv in its path,
-        # and ends up using the latter... we don't want that.
-        update-resolv-conf = super.update-resolv-conf.override {
-          openresolv = config.networking.resolvconf.package;
-        };
-        # wg-quick seems to be too fast for systemd-resolved.
-        # Of course the issue disappears with strace. But also with a sleep, so...
-        wireguard-tools = super.wireguard-tools.overrideAttrs (old: {
-          patches = (old.patches or [ ]) ++ [
-            ./wireguard-tools.patch
-          ];
-        });
-      })
-    ];
   };
 }
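Review bot: The new comment says local DNS with conditional forwarding is needed, but the `services.dnsmasq` block sets only `enable` and `resolveLocalQueries`, so no per-domain upstream is configured in this hunk. Unless the forwarding rules live in another module, queries for one VPN's internal names may go to whichever resolver resolvconf hands dnsmasq, which exposes those names outside the tunnel they belong to. I would add the rules next to the comment, e.g. `settings.server = [ "/<vpn-search-domain>/<vpn-dns-ip>" ];` (placeholders), and pin the listener to loopback with `settings.interface = "lo";` and `settings.bind-interfaces = true;`, since dnsmasq otherwise binds the wildcard address and relies on the firewall to keep port 53 private. The removed `fallbackDns` list has no replacement either, so a one-line comment stating where the upstream servers now come from would help the next reader.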