diff --git a/applications/dns.nix b/applications/dns.nix
index c75d904..5265b55 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -60,7 +60,7 @@
 @ NS ns1.${domain}. @ NS ns2.${domain}.
- ; @ stands for teh root domain so teh A record below is where ${domain} points to
+ ; @ stands for the root domain so the A record below is where ${domain} points to
 ;@ A 193.1.99.76 ;@ MX 5 ${domain}.
@@ -128,7 +128,7 @@
 '' );
- # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered.
+ # domains we dont have proper ownership over, only here to ensure the logs dont get cluttered.
 get_config_file_old_domains = ( domain: '' $TTL 60 ; 1 minute
@@ -148,7 +148,7 @@
 '' );
- # arrys of teh two nameservers
+ # arrys of the two nameservers
 tmp1 = ["193.1.99.109"]; tmp2 = ["193.1.99.120"];
@@ -171,10 +171,10 @@
 else [] );
- # small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
+ # small function to tidy up the spam of the cache networks, would use the subnet except all external traffic has the ip of the router
 create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126);
- # standard function to create the etc file, pass in the text and domain and it makes it
+ # standard function to create the file in /etc/ ; pass in the text and domain and the function creates that file
 create_entry_etc_sub = domain: text: { # Creates /etc/skynet/dns/domain "skynet/dns/${domain}" = {
@@ -189,7 +189,7 @@
 }; # (text.owned "csn.ul.ie")
- # standard function to create the etc file, pass in the text and domain and it makes it
+ # standard function to create the file in /etc/ ; pass in the text and domain and the function creates that file
 create_entry_etc = domain: type: if type == "owned" then create_entry_etc_sub domain (text.owned domain)
@@ -206,7 +206,7 @@
 // for bumping the config // ${current_date} '';
- # really wish teh nixos config didnt use master/slave
+ # really wish the nixos config didnt use master/slave
 master = cfg.server.primary; masters = primaries; slaves = secondaries;
@@ -249,7 +249,7 @@
 if builtins.hasAttr "skynet_dns" value.config then (
- # got to handle habing a dns record for the dns serves themselves.
+ # got to handle having a dns record for the dns serves themselves.
 if details_server.enable then (
@@ -314,7 +314,7 @@ in {
 }; records = lib.mkOption {
- description = "Records, sorted based on therir type";
+ description = "Records, sorted based on type";
 type = with lib.types; listOf (submodule { options = {
@@ -390,13 +390,26 @@ in {
 # set the upstream dns servers # overrides the default dns servers
+ # (pio - recommending HEANet and (Quad9 Filtered or quad9 Unfiltered) instead of Cloudflare and Google.)
+ # Google could stop DNS service at any time, and Cloudflare use your data..
 forwarders = [
- # Cloudflare
- "1.1.1.1"
- # Google
- "8.8.8.8"
- # Quad9
- "9.9.9.9"
+ # HEANet - ns.heanet.ie / auth-ns2.heanet.ie / auth-ns3.heanet.ie
+ #
+ "193.1.193.194"
+ # "193.1.247.198"
+ # "5.196.22.225"
+ # Quad9 - malware/phish filtered, has DNSSEC validation. Pri / sec, then their IPV6 servers
+ # https://dns.quad9.net/dns-query
+ # "9.9.9.9"
+ # "149.112.112.112"
+ # # "2620:fe::11
+ # # "2620:fe::fe:11"
+ # Quad9 unfiltered, no DNSSEC validation. Pri / sec, then their IPV6 servers
+ # https://dns10.quad9.net/dns-query
+ "9.9.9.10"
+ "149.112.112.10"
+ # # "2620:fe::10"
+ # # "2620:fe::fe:10"
 ]; cacheNetworks =
@@ -421,7 +434,7 @@ in {
 }; systemd.services.bind = {
- # deletes teh journal files evey start so it no longer stalls out
+ # deletes the journal files evey start so it no longer stalls out
 preStart = '' rm -vf /etc/skynet/dns/*.jnl rm -vf /etc/skynet/dns/*.jbk
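Review bot: The only public resolvers left active in `forwarders` are Quad9's `"9.9.9.10"` and `"149.112.112.10"`, which the added comment itself describes as unfiltered with no DNSSEC validation, while the validating pair is commented out. Unless BIND validates locally (no dnssec-validation setting is visible in this hunk), answers relayed to the cache networks may be accepted unvalidated; either enable `"9.9.9.9"` and `"149.112.112.112"` instead, or add a comment such as `# validation is done by this server, see <where it is configured>`. The HEAnet names in the comment (`auth-ns2`, `auth-ns3`) read like authoritative servers, so it is worth confirming that `193.1.193.194` answers recursive queries from these hosts before relying on it as the first forwarder. The commented `# # "2620:fe::11` line is missing its closing quote and would break the list if someone uncomments it. The enclosing bind options block starts and ends outside the hunk.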