Setup DNS over QUIC on NixOS

Install dnsproxy and use DNS over QUIC on NixOS

# Install DNS Proxy

Add dnsproxy to your environment.systemPackages like this:

```nix
environment.systemPackages = with pkgs; [
  dnsproxy
];
```

# Use a local DNS server

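```nix
# Point the system resolver at the local proxy.
networking.nameservers = [ "127.0.0.1" "::1" ];
# Stop NetworkManager from managing DNS settings itself.
networking.networkmanager.dns = "none";
```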

# Create a systemd service to run DNS Proxy

Note that you need to specify a bootstrap server (-b). By default, dnsproxy uses the system-provided DNS server to look up the upstream's hostname, and that server is now dnsproxy itself at 127.0.0.1, which causes a loop.

```nix
systemd.services.dnsproxy = {
  description = "dnsproxy";
  # -l: listen address, -u: upstream (DNS over QUIC), -b: bootstrap resolver
  serviceConfig.ExecStart = "${pkgs.dnsproxy}/bin/dnsproxy -l 127.0.0.1 -u quic://dns.nextdns.io -b 192.168.1.1";
  wantedBy = [ "multi-user.target" ];
};
```

If you have a local DNS server at 192.168.1.1, you can have home.arpa resolved by it with a per-domain upstream. This version also enables the cache.

```nix
systemd.services.dnsproxy = {
  description = "dnsproxy";
  # The second -u sends home.arpa queries to 192.168.1.1; everything else goes to the QUIC upstream.
  serviceConfig.ExecStart = "${pkgs.dnsproxy}/bin/dnsproxy -l 127.0.0.1 -u quic://dns.nextdns.io -u [/home.arpa/]192.168.1.1 -b 192.168.1.1 --cache --cache-optimistic";
  wantedBy = [ "multi-user.target" ];
};
```
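
A least-privilege variant of the unit above, added here as an example and not part of the original post: a system service runs as root unless the unit says otherwise, while dnsproxy only needs to bind port 53 and open outbound sockets. The sandboxing directives are standard systemd options; that dnsproxy runs cleanly under them with these flags is an assumption, so check `systemctl status dnsproxy` after switching.

```nix
systemd.services.dnsproxy = {
  description = "dnsproxy";
  wantedBy = [ "multi-user.target" ];
  serviceConfig = {
    # Same command line as the cached variant above.
    ExecStart = "${pkgs.dnsproxy}/bin/dnsproxy -l 127.0.0.1 -u quic://dns.nextdns.io -u [/home.arpa/]192.168.1.1 -b 192.168.1.1 --cache --cache-optimistic";

    # Run as a throwaway unprivileged user instead of root.
    # Assumption: dnsproxy needs no persistent, writable state with these flags.
    DynamicUser = true;

    # Port 53 is privileged: grant only the capability to bind it,
    # and make that the only capability the process can ever hold.
    AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
    CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
    NoNewPrivileges = true;

    # Filesystem and kernel isolation: read-only OS, no home directories,
    # private /tmp and /dev, no access to kernel tunables, modules or cgroups.
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
    PrivateDevices = true;
    ProtectKernelTunables = true;
    ProtectKernelModules = true;
    ProtectControlGroups = true;

    # The whole system depends on this resolver, so bring it back if it exits abnormally.
    Restart = "on-failure";
  };
};
```

After a rebuild, `systemd-analyze security dnsproxy` reports the unit's remaining exposure.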
Licensed under CC BY-NC-SA 4.0
Last updated on April 18, 2024 09:57:00 PM +0800
By Shawn M.