vyos-config/containers/dnsdist/config/dnsdist.conf

-- udp/tcp dns listening
setLocal("0.0.0.0:53", {})

-- Local CoreDNS
newServer({
  address = "10.5.0.3",
  pool = "coredns"
})

-- ControlD - Servers
newServer({
  address = "76.76.2.22:443",
  tls = "openssl",
  subjectName = "dns.controld.com",
  dohPath = "/14pk0z49y0u",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "controld_servers"
})

-- ControlD - Trusted
newServer({
  address = "76.76.2.22:443",
  tls = "openssl",
  subjectName = "dns.controld.com",
  dohPath = "/7l9xgidtyr",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "controld_trusted"
})

-- ControlD - IoT
newServer({
  address = "76.76.2.22:443",
  tls = "openssl",
  subjectName = "dns.controld.com",
  dohPath = "/227g88d4fp5",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "controld_iot"
})

-- CloudFlare DNS over TLS
newServer({
  address = "1.1.1.1:853",
  tls = "openssl",
  subjectName = "cloudflare-dns.com",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "cloudflare"
})
newServer({
  address = "1.0.0.1:853",
  tls = "openssl",
  subjectName = "cloudflare-dns.com",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "cloudflare"
})

-- Enable caching
pc = newPacketCache(10000, {
  maxTTL = 86400,
  minTTL = 0,
  temporaryFailureTTL = 60,
  staleTTL = 60,
  dontAge = false
})
getPool(""):setCache(pc)

-- Request logging, uncomment to log DNS requests/responses to stdout
-- addAction(AllRule(), LogAction("", false, false, true, false, false))
-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))

-- Routing rules
addAction('unifi', PoolAction('coredns'))
addAction('hsn.dev', PoolAction('coredns'))
addAction('jahanson.tech', PoolAction('coredns'))
addAction('1.10.in-addr.arpa', PoolAction('coredns'))

addAction("10.1.0.0/24", PoolAction("controld_servers"))  -- lan
addAction("10.1.1.0/24", PoolAction("controld_servers"))  -- servers vlan
addAction("10.1.2.0/24", PoolAction("controld_trusted"))  -- trusted vlan
addAction("10.1.3.0/24", PoolAction("controld_iot"))      -- iot vlan
addAction("10.0.11.0/24", PoolAction("controld_trusted")) -- wg_trusted vlan
addAction("192.168.2.0/24", PoolAction("cloudflare"))     -- guest vlan
Initial Commit. 2023-03-29 13:30:45 -05:00			`-- udp/tcp dns listening`
			`setLocal("0.0.0.0:53", {})`

			`-- Local CoreDNS`
			`newServer({`
			`address = "10.5.0.3",`
			`pool = "coredns"`
			`})`

			`-- ControlD - Servers`
			`newServer({`
			`address = "76.76.2.22:443",`
			`tls = "openssl",`
			`subjectName = "dns.controld.com",`
			`dohPath = "/14pk0z49y0u",`
			`validateCertificates = true,`
			`checkInterval = 10,`
			`checkTimeout = 2000,`
			`pool = "controld_servers"`
			`})`

			`-- ControlD - Trusted`
			`newServer({`
			`address = "76.76.2.22:443",`
			`tls = "openssl",`
			`subjectName = "dns.controld.com",`
			`dohPath = "/7l9xgidtyr",`
			`validateCertificates = true,`
			`checkInterval = 10,`
			`checkTimeout = 2000,`
			`pool = "controld_trusted"`
			`})`

			`-- ControlD - IoT`
			`newServer({`
			`address = "76.76.2.22:443",`
			`tls = "openssl",`
			`subjectName = "dns.controld.com",`
			`dohPath = "/227g88d4fp5",`
			`validateCertificates = true,`
			`checkInterval = 10,`
			`checkTimeout = 2000,`
			`pool = "controld_iot"`
			`})`

			`-- CloudFlare DNS over TLS`
			`newServer({`
			`address = "1.1.1.1:853",`
			`tls = "openssl",`
			`subjectName = "cloudflare-dns.com",`
			`validateCertificates = true,`
			`checkInterval = 10,`
			`checkTimeout = 2000,`
			`pool = "cloudflare"`
			`})`
			`newServer({`
			`address = "1.0.0.1:853",`
			`tls = "openssl",`
			`subjectName = "cloudflare-dns.com",`
			`validateCertificates = true,`
			`checkInterval = 10,`
			`checkTimeout = 2000,`
			`pool = "cloudflare"`
			`})`

			`-- Enable caching`
			`pc = newPacketCache(10000, {`
			`maxTTL = 86400,`
			`minTTL = 0,`
			`temporaryFailureTTL = 60,`
			`staleTTL = 60,`
			`dontAge = false`
			`})`
			`getPool(""):setCache(pc)`

			`-- Request logging, uncomment to log DNS requests/responses to stdout`
			`-- addAction(AllRule(), LogAction("", false, false, true, false, false))`
			`-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))`

			`-- Routing rules`
			`addAction('unifi', PoolAction('coredns'))`
			`addAction('hsn.dev', PoolAction('coredns'))`
			`addAction('jahanson.tech', PoolAction('coredns'))`
			`addAction('1.10.in-addr.arpa', PoolAction('coredns'))`

			`addAction("10.1.0.0/24", PoolAction("controld_servers")) -- lan`
			`addAction("10.1.1.0/24", PoolAction("controld_servers")) -- servers vlan`
			`addAction("10.1.2.0/24", PoolAction("controld_trusted")) -- trusted vlan`
			`addAction("10.1.3.0/24", PoolAction("controld_iot")) -- iot vlan`
			`addAction("10.0.11.0/24", PoolAction("controld_trusted")) -- wg_trusted vlan`
			`addAction("192.168.2.0/24", PoolAction("cloudflare")) -- guest vlan`