2023-03-29 13:30:45 -05:00
|
|
|
-- udp/tcp dns listening
|
|
|
|
|
setLocal("0.0.0.0:53", {})
|
|
|
|
|
|
2023-05-06 11:53:26 -05:00
|
|
|
-- Local Bind
|
2023-03-29 13:30:45 -05:00
|
|
|
newServer({
|
|
|
|
|
address = "10.5.0.3",
|
2023-05-06 11:53:26 -05:00
|
|
|
pool = "bind",
|
|
|
|
|
checkName = "gateway.jahanson.tech"
|
2023-03-29 13:30:45 -05:00
|
|
|
})
|
|
|
|
|
|
2023-05-06 11:53:26 -05:00
|
|
|
-- NextDNS - Servers
|
2023-03-29 13:30:45 -05:00
|
|
|
newServer({
|
2023-05-06 11:53:26 -05:00
|
|
|
address = "188.172.251.1:443",
|
2023-03-29 13:30:45 -05:00
|
|
|
tls = "openssl",
|
2023-05-06 11:53:26 -05:00
|
|
|
subjectName = "8d3cd7.dns.nextdns.io",
|
|
|
|
|
dohPath = "/8d3cd7",
|
2023-03-29 13:30:45 -05:00
|
|
|
validateCertificates = true,
|
|
|
|
|
checkInterval = 10,
|
|
|
|
|
checkTimeout = 2000,
|
2023-05-06 11:53:26 -05:00
|
|
|
pool = "nextdns_servers"
|
2023-03-29 13:30:45 -05:00
|
|
|
})
|
|
|
|
|
|
2023-05-06 11:53:26 -05:00
|
|
|
-- NextDNS - Trusted
|
2023-03-29 13:30:45 -05:00
|
|
|
newServer({
|
2023-05-06 11:53:26 -05:00
|
|
|
address = "188.172.251.1:443",
|
2023-03-29 13:30:45 -05:00
|
|
|
tls = "openssl",
|
2023-05-06 11:53:26 -05:00
|
|
|
subjectName = "d79ecb.dns.nextdns.io",
|
|
|
|
|
dohPath = "/d79ecb",
|
2023-03-29 13:30:45 -05:00
|
|
|
validateCertificates = true,
|
|
|
|
|
checkInterval = 10,
|
|
|
|
|
checkTimeout = 2000,
|
2023-05-06 11:53:26 -05:00
|
|
|
pool = "nextdns_trusted"
|
2023-03-29 13:30:45 -05:00
|
|
|
})
|
|
|
|
|
|
2023-05-06 11:53:26 -05:00
|
|
|
-- NextDNS - IoT
|
2023-03-29 13:30:45 -05:00
|
|
|
newServer({
|
2023-05-06 11:53:26 -05:00
|
|
|
address = "188.172.251.1:443",
|
2023-03-29 13:30:45 -05:00
|
|
|
tls = "openssl",
|
2023-05-06 11:53:26 -05:00
|
|
|
subjectName = "e29a3c.dns.nextdns.io",
|
|
|
|
|
dohPath = "/e29a3c",
|
2023-03-29 13:30:45 -05:00
|
|
|
validateCertificates = true,
|
|
|
|
|
checkInterval = 10,
|
|
|
|
|
checkTimeout = 2000,
|
2023-05-06 11:53:26 -05:00
|
|
|
pool = "nextdns_iot"
|
2023-03-29 13:30:45 -05:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
-- CloudFlare DNS over TLS
|
|
|
|
|
newServer({
|
|
|
|
|
address = "1.1.1.1:853",
|
|
|
|
|
tls = "openssl",
|
|
|
|
|
subjectName = "cloudflare-dns.com",
|
|
|
|
|
validateCertificates = true,
|
|
|
|
|
checkInterval = 10,
|
|
|
|
|
checkTimeout = 2000,
|
|
|
|
|
pool = "cloudflare"
|
|
|
|
|
})
|
|
|
|
|
newServer({
|
|
|
|
|
address = "1.0.0.1:853",
|
|
|
|
|
tls = "openssl",
|
|
|
|
|
subjectName = "cloudflare-dns.com",
|
|
|
|
|
validateCertificates = true,
|
|
|
|
|
checkInterval = 10,
|
|
|
|
|
checkTimeout = 2000,
|
|
|
|
|
pool = "cloudflare"
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
-- Enable caching
|
|
|
|
|
pc = newPacketCache(10000, {
|
|
|
|
|
maxTTL = 86400,
|
|
|
|
|
minTTL = 0,
|
|
|
|
|
temporaryFailureTTL = 60,
|
|
|
|
|
staleTTL = 60,
|
|
|
|
|
dontAge = false
|
|
|
|
|
})
|
|
|
|
|
getPool(""):setCache(pc)
|
|
|
|
|
|
|
|
|
|
-- Request logging, uncomment to log DNS requests/responses to stdout
|
|
|
|
|
-- addAction(AllRule(), LogAction("", false, false, true, false, false))
|
|
|
|
|
-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))
|
|
|
|
|
|
|
|
|
|
-- Routing rules
|
|
|
|
|
addAction("192.168.2.0/24", PoolAction("cloudflare")) -- guest vlan
|
2023-05-06 11:53:26 -05:00
|
|
|
addAction("192.168.2.0/24", DropAction()) -- stop processing
|
|
|
|
|
addAction('unifi', PoolAction('bind'))
|
|
|
|
|
addAction('hsn.dev', PoolAction('bind'))
|
|
|
|
|
addAction('jahanson.tech', PoolAction('bind'))
|
|
|
|
|
addAction('1.10.in-addr.arpa', PoolAction('bind'))
|
|
|
|
|
|
|
|
|
|
addAction("10.1.0.0/24", PoolAction("nextdns_servers")) -- lan
|
|
|
|
|
addAction("10.1.1.0/24", PoolAction("nextdns_servers")) -- servers vlan
|
|
|
|
|
addAction("10.1.2.0/24", PoolAction("nextdns_trusted")) -- trusted vlan
|
|
|
|
|
addAction("10.1.3.0/24", PoolAction("nextdns_iot")) -- iot vlan
|
|
|
|
|
addAction("10.0.11.0/24", PoolAction("nextdns_trusted")) -- wg_trusted vlan
|
