From 4cc5a1fb57fb20f2c33cdd2f1b2997a27af47c7f Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 9 May 2025 23:17:38 +0200
Subject: [PATCH] unbound: fix

---
 hosts/quitte/network.nix    |  8 +++-----
 modules/unbound/default.nix | 11 ++++-------
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/hosts/quitte/network.nix b/hosts/quitte/network.nix
index f984edd..ec09503 100644
--- a/hosts/quitte/network.nix
+++ b/hosts/quitte/network.nix
@@ -15,7 +15,7 @@
 
     firewall = {
       logRefusedConnections = false;
-      trustedInterfaces = [ "podman0"];
+      trustedInterfaces = [ "podman0" ];
     };
   };
 
@@ -47,10 +47,8 @@
       ];
       networkConfig = {
         DNS = [
-          "9.9.9.9"
-          "149.112.112.112"
-          "2620:fe::fe"
-          "2620:fe::9"
+          "127.0.0.1"
+          "::1"
         ];
         LLDP = true;
         EmitLLDP = "nearest-bridge";
diff --git a/modules/unbound/default.nix b/modules/unbound/default.nix
index e8819cc..01b2e60 100644
--- a/modules/unbound/default.nix
+++ b/modules/unbound/default.nix
@@ -1,17 +1,14 @@
 { ... }:
 {
+  services.resolved.extraConfig = ''
+    DNSStubListener=no
+  '';
   services.unbound = {
     enable = true;
     settings = {
       server = {
-        interface = [ "127.0.0.1" ];
-        access-control = [ "127.0.0.1 allow" ];
+        interface = [ "127.0.0.1" "::1" ];
       };
-      stub-zone = [
-        {
-          name = ".";
-        }
-      ];
     };
   };
 }