From 206d6a2ba64f0dc6608bc7514515496205d94e6a Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Wed, 5 Jun 2024 02:53:50 +0200
Subject: [PATCH] cluster/services/dns: drop DS queries

---
 cluster/services/dns/authoritative.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cluster/services/dns/authoritative.nix b/cluster/services/dns/authoritative.nix
index 8ac345a..3113e50 100644
--- a/cluster/services/dns/authoritative.nix
+++ b/cluster/services/dns/authoritative.nix
@@ -34,6 +34,7 @@ let
   in "rewrite stop name ${record.rewrite.type} ${record.name}${maybeEscapeRegex ".${record.root}."} ${record.rewrite.target}. answer auto") recordsPartitioned.wrong;
 
   rewriteConf = pkgs.writeText "coredns-rewrites.conf" ''
+    rewrite stop type DS DS
     rewrite stop type NS NS
     rewrite stop type SOA SOA
     ${lib.concatStringsSep "\n" rewrites}
@@ -94,6 +95,9 @@ in {
           prefetch 3
           serve_stale 86400s verify
         }
+        template ANY DS {
+          rcode NXDOMAIN
+        }
         forward service.eu-central.sd-magic.${domain} 127.0.0.1:8600
         forward addr.eu-central.sd-magic.${domain} 127.0.0.1:8600
         import ${rewriteConf}