{ config, ... }:

{
  services.coredns = {
    enable = true;
    config = ''
      .:53 {
        hosts {
          100.100.144.4 seika.astolfo.org
          fallthrough
        }

        # rewrite the CNAME to itself so hosts rule apply
        rewrite cname exact seika.astolfo.org. seika.astolfo.org.

        forward . 1.1.1.1
        log
        errors
      }
    '';
  };

  networking.firewall.allowedTCPPorts = [ 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];
}