DNS servers in IP stack

For the configuration.nix I want my son to use OpenDNS DNS servers:
208.67.222.222
208.67.220.220
How can I force the IP stack to use those two DNS servers?

man configuration.nix and search for networking is your friend here.
It all depends on how you configure the network. Personally, I wouldn’t do this on the individual computer(s) but instead on the gateway level (I run NixOS on mine).

And "nixos/https-dns-proxy: bump version and add support for OpenDNS" (Pull Request #186652 in NixOS/nixpkgs, by peterhoeg) adds support for OpenDNS as a provider for https-dns-proxy (DNS over HTTPS).

Thanks Peter. This is for our son (7 years old). I tuned OpenDNS for him in a way to be more secure on the internet, along with many other different little things. That is why the OpenDNS server should only apply to his computer.

You should also ensure the web browser isn’t using DNS over TLS/HTTPS; this would bypass your local resolver and you can’t block them (it’s the point of DoT / DoH).

That is why the OpenDNS server should only apply to his computer.

Sure, but that doesn’t mean you cannot manage it centrally.

You can use firewall rules to divert DNS traffic from the IP address assigned to your son’s PC to a dedicated caching resolver. Or set up a 2nd IP on the firewall and run it there - then configure his machine (either via DHCP or statically) to use the resolver on the 2nd IP.
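
A per-machine variant of what the thread discusses, as an added example that is not from any of the posters: it pins the two OpenDNS resolvers from the question in configuration.nix, stops DHCP from replacing them, and locks DNS over HTTPS off in the browser. It assumes the machine uses dhcpcd or NetworkManager and that the browser is Firefox installed through the NixOS module.

```nix
{ config, pkgs, ... }:

{
  # Resolvers from the question; these end up in /etc/resolv.conf.
  networking.nameservers = [ "208.67.222.222" "208.67.220.220" ];

  # Assumption: dhcpcd is the DHCP client. Without this hook override,
  # the DNS servers announced by the router's DHCP lease are added too.
  networking.dhcpcd.extraConfig = "nohook resolv.conf";

  # Assumption: if NetworkManager manages the interfaces instead, tell it
  # not to write its own resolver configuration.
  networking.networkmanager.dns = "none";

  # Assumption: Firefox is the browser in use. An enterprise policy keeps
  # DNS over HTTPS disabled and prevents it being re-enabled in settings,
  # so lookups keep going to the resolvers above.
  programs.firefox = {
    enable = true;
    policies = {
      DNSOverHTTPS = {
        Enabled = false;
        Locked = true;
      };
    };
  };
}
```

After `nixos-rebuild switch`, `cat /etc/resolv.conf` should list only the two OpenDNS addresses, and `about:policies` in Firefox should show the DNSOverHTTPS policy as active.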