From 7c9ab547e08323374f298909ef8c822fedd1b113 Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Sun, 18 May 2025 20:44:36 +0200
Subject: [PATCH] feat: adds dnsmasq and settings
---
 hosts/lily/dns.nix | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/hosts/lily/dns.nix b/hosts/lily/dns.nix
index 32263f0..b754a51 100644
--- a/hosts/lily/dns.nix
+++ b/hosts/lily/dns.nix
@@ -4,8 +4,27 @@
 dnsmasq = {
 enable = true;
 settings = {
- cache-size = 10000;
- server = [ "127.0.0.1#53" ];
+ cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains.
+ server = [
+ "9.9.9.9"
+ "149.112.112.112"
+ ];
+ domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration.
+ bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources.
+ no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration.
+
+ # configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases`
+ dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ];
+ interface = "br-lan";
+ dhcp-host = "172.16.10.1";
+
+ # local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it.
+ local = "/local/";
+ domain = "local";
+ expand-hosts = true;
+
+ no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution.
+ address = "/booping.local/172.16.10.1";
 };
 };
 };
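Review bot: The `local = "/local/"`, `domain = "local"` and `address = "/booping.local/172.16.10.1"` lines put the LAN zone under `.local`, which RFC 6762 reserves for multicast DNS, so clients with an mDNS resolver (Avahi, systemd-resolved, Apple devices) will typically resolve these names over multicast instead of asking dnsmasq, and the answer then comes from whichever host on the segment replies. A domain set aside for this purpose avoids the clash, e.g. `local = "/home.arpa/";`, `domain = "home.arpa";` and `address = "/booping.home.arpa/172.16.10.1";` (RFC 8375). Two of the new comments also misdescribe the options: `domain-needed` keeps plain names without a dot from being forwarded upstream, and `local` marks the domain as answered locally and never forwarded, so I would reword them along the lines of `# Never forward plain (dot-less) names upstream.`. `dhcp-host = "172.16.10.1"` carries no MAC, client id or hostname and lies outside the `dhcp-range`, so it looks like a no-op; please confirm what it was meant to do. The attribute set enclosing `dnsmasq` opens above the hunk, so any listener or firewall settings there are not visible from here.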