Replaced coredns with Bind.
This commit is contained in:
parent
ebb7a44f65
commit
786724ae8d
12 changed files with 264 additions and 158 deletions
@ -16,22 +16,37 @@ set container name cloudflare-ddns memory '0'
|
||||||
set container name cloudflare-ddns restart 'on-failure'
|
set container name cloudflare-ddns restart 'on-failure'
|
||||||
set container name cloudflare-ddns shared-memory '0'
|
set container name cloudflare-ddns shared-memory '0'
|
||||||
|
|
||||||
# coredns - main instance
|
# # coredns - main instance
|
||||||
set container name coredns cap-add 'net-bind-service'
|
# set container name coredns cap-add 'net-bind-service'
|
||||||
set container name coredns image 'docker.io/coredns/coredns:1.10.1'
|
# set container name coredns image 'docker.io/coredns/coredns:1.10.1'
|
||||||
set container name coredns memory '0'
|
# set container name coredns memory '0'
|
||||||
set container name coredns network services address '10.5.0.3'
|
# set container name coredns network services address '10.5.0.3'
|
||||||
set container name coredns restart 'on-failure'
|
# set container name coredns restart 'on-failure'
|
||||||
set container name coredns shared-memory '0'
|
# set container name coredns shared-memory '0'
|
||||||
set container name coredns volume config destination '/config'
|
# set container name coredns volume config destination '/config'
|
||||||
set container name coredns volume config source '/config/containers/coredns/config'
|
# set container name coredns volume config source '/config/containers/coredns/config'
|
||||||
set container name coredns volume config mode 'ro'
|
# set container name coredns volume config mode 'ro'
|
||||||
set container name coredns volume corefile destination '/Corefile'
|
# set container name coredns volume corefile destination '/Corefile'
|
||||||
set container name coredns volume corefile source '/config/containers/coredns/config/Corefile'
|
# set container name coredns volume corefile source '/config/containers/coredns/config/Corefile'
|
||||||
set container name coredns volume corefile mode 'ro'
|
# set container name coredns volume corefile mode 'ro'
|
||||||
set container name coredns volume vyoshosts destination '/host/etc/hosts'
|
# set container name coredns volume vyoshosts destination '/host/etc/hosts'
|
||||||
set container name coredns volume vyoshosts source '/etc/hosts'
|
# set container name coredns volume vyoshosts source '/etc/hosts'
|
||||||
set container name coredns volume vyoshosts mode 'ro'
|
# set container name coredns volume vyoshosts mode 'ro'
|
||||||
|
|
||||||
|
# bind
|
||||||
|
set container name bind cap-add 'net-bind-service'
|
||||||
|
set container name bind image 'docker.io/internetsystemsconsortium/bind9:9.19'
|
||||||
|
set container name bind command '/usr/sbin/named -4 -f -c /etc/bind/named.conf -u bind'
|
||||||
|
set container name bind memory '0'
|
||||||
|
set container name bind network services address '10.5.0.3'
|
||||||
|
set container name bind restart 'on-failure'
|
||||||
|
set container name bind shared-memory '0'
|
||||||
|
set container name bind volume config source '/config/containers/bind/config'
|
||||||
|
set container name bind volume config destination '/etc/bind'
|
||||||
|
set container name bind volume config mode 'ro'
|
||||||
|
set container name bind volume cache source '/tmp/bind/cache'
|
||||||
|
set container name bind volume cache destination '/var/cache/bind'
|
||||||
|
set container name bind volume cache mode 'rw'
|
||||||
|
|
||||||
# dnsdist
|
# dnsdist
|
||||||
set container name dnsdist cap-add 'net-bind-service'
|
set container name dnsdist cap-add 'net-bind-service'
|
||||||
|
@ -41,8 +56,8 @@ set container name dnsdist memory '0'
|
||||||
set container name dnsdist network services address '10.5.0.4'
|
set container name dnsdist network services address '10.5.0.4'
|
||||||
set container name dnsdist restart 'on-failure'
|
set container name dnsdist restart 'on-failure'
|
||||||
set container name dnsdist shared-memory '0'
|
set container name dnsdist shared-memory '0'
|
||||||
set container name dnsdist volume config destination '/etc/dnsdist/dnsdist.conf'
|
|
||||||
set container name dnsdist volume config source '/config/containers/dnsdist/config/dnsdist.conf'
|
set container name dnsdist volume config source '/config/containers/dnsdist/config/dnsdist.conf'
|
||||||
|
set container name dnsdist volume config destination '/etc/dnsdist/dnsdist.conf'
|
||||||
set container name dnsdist volume config mode 'ro'
|
set container name dnsdist volume config mode 'ro'
|
||||||
|
|
||||||
# haproxy-k8s-api
|
# haproxy-k8s-api
|
||||||
|
@ -51,8 +66,8 @@ set container name haproxy-k8s-api memory '0'
|
||||||
set container name haproxy-k8s-api network services address '10.5.0.2'
|
set container name haproxy-k8s-api network services address '10.5.0.2'
|
||||||
set container name haproxy-k8s-api restart 'on-failure'
|
set container name haproxy-k8s-api restart 'on-failure'
|
||||||
set container name haproxy-k8s-api shared-memory '0'
|
set container name haproxy-k8s-api shared-memory '0'
|
||||||
set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
|
|
||||||
set container name haproxy-k8s-api volume config source '/config/containers/haproxy/config/haproxy.cfg'
|
set container name haproxy-k8s-api volume config source '/config/containers/haproxy/config/haproxy.cfg'
|
||||||
|
set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
|
||||||
set container name haproxy-k8s-api volume config mode 'ro'
|
set container name haproxy-k8s-api volume config mode 'ro'
|
||||||
|
|
||||||
# node-exporter
|
# node-exporter
|
||||||
|
@ -64,15 +79,15 @@ set container name node-exporter memory '0'
|
||||||
set container name node-exporter network services address '10.5.0.7'
|
set container name node-exporter network services address '10.5.0.7'
|
||||||
set container name node-exporter restart 'on-failure'
|
set container name node-exporter restart 'on-failure'
|
||||||
set container name node-exporter shared-memory '0'
|
set container name node-exporter shared-memory '0'
|
||||||
|
set container name node-exporter volume procfs source '/proc'
|
||||||
set container name node-exporter volume procfs destination '/host/proc'
|
set container name node-exporter volume procfs destination '/host/proc'
|
||||||
set container name node-exporter volume procfs mode 'ro'
|
set container name node-exporter volume procfs mode 'ro'
|
||||||
set container name node-exporter volume procfs source '/proc'
|
set container name node-exporter volume rootfs source '/'
|
||||||
set container name node-exporter volume rootfs destination '/host/rootfs'
|
set container name node-exporter volume rootfs destination '/host/rootfs'
|
||||||
set container name node-exporter volume rootfs mode 'ro'
|
set container name node-exporter volume rootfs mode 'ro'
|
||||||
set container name node-exporter volume rootfs source '/'
|
set container name node-exporter volume sysfs source '/sys'
|
||||||
set container name node-exporter volume sysfs destination '/host/sys'
|
set container name node-exporter volume sysfs destination '/host/sys'
|
||||||
set container name node-exporter volume sysfs mode 'ro'
|
set container name node-exporter volume sysfs mode 'ro'
|
||||||
set container name node-exporter volume sysfs source '/sys'
|
|
||||||
|
|
||||||
# speedtest-exporter
|
# speedtest-exporter
|
||||||
set container name speedtest-exporter image 'ghcr.io/miguelndecarvalho/speedtest-exporter:v3.5.3'
|
set container name speedtest-exporter image 'ghcr.io/miguelndecarvalho/speedtest-exporter:v3.5.3'
|
||||||
|
@ -118,8 +133,9 @@ set container name unifi memory '0'
|
||||||
set container name unifi network services address '10.5.0.10'
|
set container name unifi network services address '10.5.0.10'
|
||||||
set container name unifi restart 'on-failure'
|
set container name unifi restart 'on-failure'
|
||||||
set container name unifi shared-memory '0'
|
set container name unifi shared-memory '0'
|
||||||
set container name unifi volume data destination '/unifi'
|
|
||||||
set container name unifi volume data source '/config/containers/unifi'
|
set container name unifi volume data source '/config/containers/unifi'
|
||||||
|
set container name unifi volume data destination '/unifi'
|
||||||
|
set container name unifi volume data mode 'rw'
|
||||||
|
|
||||||
# onepassword-connect
|
# onepassword-connect
|
||||||
set container name onepassword-connect image 'docker.io/1password/connect-api:1.7.0'
|
set container name onepassword-connect image 'docker.io/1password/connect-api:1.7.0'
|
||||||
|
|
|
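Review bot: The bind container mounts `/config/containers/bind/config` at `/etc/bind` with `mode 'ro'`, yet the named.conf in this commit declares `hsn.dev` as a dynamically updated zone whose master file lives under `/etc/bind/zones/`; named periodically rewrites the master file of a dynamic zone, so those dumps will fail with a permission error and only the journal in `/var/cache/bind` will carry the externaldns updates. Either keep that zone's file on the rw cache volume or accept that the tracked zone file never reflects the live zone. The cache volume is backed by `/tmp/bind/cache` on the host, which is presumably tmpfs on VyOS, so `db.hsn.dev.jnl` and every dynamic update would be lost on reboot — confirm that is intended. The image tag `docker.io/internetsystemsconsortium/bind9:9.19` is a floating tag on what ISC labels a development branch; pinning a specific patch release of the stable branch is safer for the resolver that fronts the whole network. The commented-out coredns block (`# set container name coredns ...`) is dead configuration and can simply be deleted now that git keeps the history.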
@ -1,8 +1,5 @@
|
||||||
#!/bin/vbash
|
#!/bin/vbash
|
||||||
|
|
||||||
set service dhcp-server hostfile-update
|
|
||||||
set service dhcp-server host-decl-name
|
|
||||||
|
|
||||||
# Guest VLAN
|
# Guest VLAN
|
||||||
set service dhcp-server shared-network-name GUEST authoritative
|
set service dhcp-server shared-network-name GUEST authoritative
|
||||||
set service dhcp-server shared-network-name GUEST ping-check
|
set service dhcp-server shared-network-name GUEST ping-check
|
||||||
|
|
|
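Review bot: Dropping `set service dhcp-server hostfile-update` and `set service dhcp-server host-decl-name` removes the mechanism that put DHCP leases into `/etc/hosts`, which the deleted Corefile served via `hosts /host/etc/hosts`; the new bind zones contain only the static records in this commit, so a client that was previously resolvable by its DHCP hostname presumably no longer is. If that is deliberate, a one-line comment here such as `# lease hostnames are intentionally not published in DNS (bind serves static zones only)` would stop the next reader from re-adding it; if not, bind needs a DHCP-fed update path (for example an update-policy like the one granted to externaldns) to replace what the hosts plugin did. The enclosing dhcp-server definition continues outside the hunk.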
@ -1,40 +0,0 @@
|
||||||
# Gateway
|
|
||||||
set system static-host-mapping host-name gateway.jahanson.tech inet 10.1.0.1
|
|
||||||
set system static-host-mapping host-name gateway.jahanson.tech alias vpn.hsn.dev
|
|
||||||
set system static-host-mapping host-name gateway.jahanson.tech alias ipv4.hsn.dev
|
|
||||||
|
|
||||||
# Unifi controller
|
|
||||||
set system static-host-mapping host-name unifi inet 10.5.0.10
|
|
||||||
|
|
||||||
# 1Password Connect
|
|
||||||
set system static-host-mapping host-name onepassword-connect.hsn.dev inet 10.5.0.5
|
|
||||||
|
|
||||||
# NAS
|
|
||||||
set system static-host-mapping host-name elessar.jahanson.tech inet 10.1.1.11
|
|
||||||
set system static-host-mapping host-name elessar.jahanson.tech alias nas.jahanson.tech
|
|
||||||
set system static-host-mapping host-name elessar.jahanson.tech alias minio.hsn.dev
|
|
||||||
set system static-host-mapping host-name elessar.jahanson.tech alias s3.hsn.dev
|
|
||||||
|
|
||||||
# Home Assistant
|
|
||||||
set system static-host-mapping host-name homeassistant.jahanson.tech inet 10.1.1.13
|
|
||||||
|
|
||||||
# Kubernetes hosts
|
|
||||||
set system static-host-mapping host-name gandalf.jahanson.tech inet 10.1.1.31
|
|
||||||
set system static-host-mapping host-name glamdring.jahanson.tech inet 10.1.1.32
|
|
||||||
set system static-host-mapping host-name shadowfax.jahanson.tech inet 10.1.1.33
|
|
||||||
|
|
||||||
# Kubernetes cluster VIP
|
|
||||||
set system static-host-mapping host-name cluster-0.jahanson.tech inet 10.5.0.2
|
|
||||||
|
|
||||||
# Other hosts
|
|
||||||
set system static-host-mapping host-name sting.jahanson.tech inet 10.1.1.12
|
|
||||||
set system static-host-mapping host-name frodo.jahanson.tech inet 10.1.1.52
|
|
||||||
set system static-host-mapping host-name frodo.jahanson.tech alias pikvm.jahanson.tech
|
|
||||||
set system static-host-mapping host-name nextcloud.jahanson.tech inet 10.1.1.51
|
|
||||||
|
|
||||||
set system static-host-mapping host-name driveway-camera-doorbell.jahanson.tech inet 10.1.4.12
|
|
||||||
set system static-host-mapping host-name hallway-zigbee-adapter.jahanson.tech inet 10.1.3.46
|
|
||||||
set system static-host-mapping host-name garage-tablet.jahanson.tech inet 10.1.3.54
|
|
||||||
set system static-host-mapping host-name hallway-tablet.jahanson.tech inet 10.1.3.53
|
|
||||||
set system static-host-mapping host-name livingroom-vacuum.jahanson.tech inet 10.1.3.18
|
|
||||||
set system static-host-mapping host-name upstairs-vacuum.jahanson.tech inet 10.1.3.22
|
|
2
containers/.gitignore
vendored
2
containers/.gitignore
vendored
|
@ -4,7 +4,7 @@
|
||||||
# Track certain files and directories
|
# Track certain files and directories
|
||||||
!.gitignore
|
!.gitignore
|
||||||
|
|
||||||
!/coredns/
|
!/bind/
|
||||||
!/dnsdist/
|
!/dnsdist/
|
||||||
!/haproxy/
|
!/haproxy/
|
||||||
!/unifi/
|
!/unifi/
|
||||||
|
|
|
@ -6,9 +6,8 @@
|
||||||
|
|
||||||
!/config/
|
!/config/
|
||||||
/config/*
|
/config/*
|
||||||
!/config/Corefile
|
|
||||||
!/config/custom-hosts
|
|
||||||
|
|
||||||
!/config-vyos/
|
!/config/named.conf
|
||||||
/config-vyos/*
|
!/config/zones/
|
||||||
!/config-vyos/Corefile
|
/config/zones/*
|
||||||
|
!/config/zones/db.*
|
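Review bot: The new allow-list tracks `!/config/named.conf` and `!/config/zones/db.*`, but `/config/*` still ignores `rndc.key` and `externaldns.key`, which named.conf includes unconditionally, so a fresh checkout will not start named until both key files are provisioned on the host; that is the right call for secrets, but it deserves a comment such as `# rndc.key / externaldns.key are deliberately untracked: provision them on the host` so nobody "fixes" it by whitelisting them. The `!/config/zones/db.*` pattern would also match a `db.<zone>.jnl` journal if named ever wrote one next to a zone file; the hsn.dev journal is explicitly placed in `/var/cache/bind`, so adding `/config/zones/*.jnl` after it is cheap insurance against committing a binary journal. The first lines of this file are outside the hunk.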
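--- /dev/null
+++ b/containers/bind/config/named.conf
@@ -0,0 +1,73 @@
+# Only define the known VLAN subnets as trusted
+acl "trusted" {
+10.1.0.0/24; # LAN
+10.1.1.0/24; # SERVERS
+10.1.2.0/24; # TRUSTED
+10.1.3.0/24; # IOT
+10.1.4.0/24; # VIDEO
+192.168.2.0/24; # GUEST
+10.0.11.0/24; # WIREGUARD
+10.5.0.0/24; # SERVICES
+};
+
+options {
+directory "/var/cache/bind";
+listen-on { 127.0.0.1; 10.5.0.3; };
+
+allow-recursion {
+trusted;
+};
+allow-transfer {
+none;
+};
+allow-update {
+none;
+};
+};
+
+logging {
+channel stdout {
+stderr;
+severity info;
+print-category yes;
+print-severity yes;
+print-time yes;
+};
+category security { stdout; };
+category dnssec { stdout; };
+category default { stdout; };
+};
+
+include "/etc/bind/rndc.key";
+include "/etc/bind/externaldns.key";
+
+controls {
+inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
+};
+
+zone "unifi." {
+type master;
+file "/etc/bind/zones/db.unifi";
+};
+
+zone "jahanson.tech." {
+type master;
+file "/etc/bind/zones/db.jahanson.tech";
+};
+
+zone "hsn.dev." {
+type master;
+file "/etc/bind/zones/db.hsn.dev";
+journal "/var/cache/bind/db.hsn.dev.jnl";
+allow-transfer {
+key "externaldns";
+};
+update-policy {
+grant externaldns zonesub ANY;
+};
+};
+
+zone "1.10.in-addr.arpa." {
+type master;
+file "/etc/bind/zones/db.1.10.in-addr.arpa";
+};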
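Review bot: The `hsn.dev` zone carries `update-policy { grant externaldns zonesub ANY; }` and `allow-transfer { key "externaldns"; }` but its `file` sits in `/etc/bind/zones/`, which the container config in this commit mounts read-only; named rewrites the master file of a dynamic zone periodically and on `rndc sync`/shutdown, so expect recurring dump failures in the log while the journal in `/var/cache/bind` grows. Moving that one zone's file onto the writable cache directory (e.g. `file "/var/cache/bind/db.hsn.dev";`, seeded from the tracked copy) avoids it. The `trusted` ACL also lists `192.168.2.0/24; # GUEST`, so guest clients that reach 10.5.0.3 directly are granted recursion even though dnsdist steers them to Cloudflare; dropping the guest network from the ACL keeps the name honest. There is no `allow-query`, so the authoritative zones answer any source that can reach the listen addresses — acceptable behind dnsdist, but `allow-query { trusted; localhost; };` is a one-line way to make the intent explicit.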
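--- /dev/null
+++ b/containers/bind/config/zones/db.1.10.in-addr.arpa
@@ -0,0 +1,36 @@
+; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
+; https://www.epochconverter.com/
+
+; SOA Records
+$TTL 3600
+$ORIGIN 1.10.in-addr.arpa.
+@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
+1683235219 ; serial number (epoch timestamp)
+7200 ; refresh period
+3600 ; retry period
+1209600 ; expire time
+3600 ; minimum ttl
+)
+
+; NS Records
+@ IN NS gateway.jahanson.tech.
+
+; Reset origin
+$ORIGIN in-addr.arpa.
+
+; LAN
+1.0.1.10 IN PTR gateway.jahanson.tech.
+
+; Servers
+11.1.1.10 IN PTR elessar.jahanson.tech.
+31.1.1.10 IN PTR gandalf.jahanson.tech.
+32.1.1.10 IN PTR glamdring.jahanson.tech.
+33.1.1.10 IN PTR shadowfax.jahanson.tech.
+51.1.1.10 IN PTR nextcloud.jahanson.tech.
+52.1.1.10 IN PTR frodo.jahanson.tech.
+
+; IOT
+18.3.1.10 IN PTR livingroom-vacuum.jahanson.tech.
+
+; Video
+12.4.1.10 IN PTR driveway-camera.jahanson.tech.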
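Review bot: The header comment `; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically` still names CoreDNS, which this commit removes, and BIND does not watch the file at all; it should read `; Bump the serial (epoch time) on every edit and run rndc reload — BIND does not pick up file changes on its own`. The same stale comment heads db.hsn.dev, db.jahanson.tech and db.unifi in this commit. Several hosts from the deleted static-host-mapping file have no PTR here — `homeassistant.jahanson.tech` (10.1.1.13), `sting.jahanson.tech` (10.1.1.12) and the 10.1.3.x IoT devices other than the living-room vacuum — and the doorbell PTR now reads `driveway-camera.jahanson.tech.` where the old mapping had `driveway-camera-doorbell.jahanson.tech`; confirm the drops and the rename are intentional.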
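--- /dev/null
+++ b/containers/bind/config/zones/db.hsn.dev
@@ -0,0 +1,23 @@
+; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
+; https://www.epochconverter.com/
+
+; SOA Records
+$TTL 3600
+$ORIGIN hsn.dev.
+@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
+1683235219 ; serial number (epoch timestamp)
+7200 ; refresh period
+3600 ; retry period
+1209600 ; expire time
+3600 ; minimum ttl
+)
+
+; NS Records
+@ IN NS gateway.jahanson.tech.
+
+; Services
+onepassword-connect IN A 10.5.0.5
+
+; CNAME Records
+s3 IN CNAME nas.jahanson.tech.
+vpn IN CNAME gateway.jahanson.tech.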
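Review bot: This zone is the one named.conf opens to dynamic updates (`update-policy { grant externaldns zonesub ANY; }`), so named owns its contents through the journal and hand edits to this file are overwritten or ignored unless the zone is frozen first; the header comment about bumping the epoch serial is therefore misleading here and should say `; Dynamic zone: edit only between rndc freeze hsn.dev and rndc thaw hsn.dev, otherwise the journal wins`. Two names from the deleted static-host-mapping are not carried over — `ipv4.hsn.dev` (alias of the gateway) and `minio.hsn.dev` (alias of elessar) — so anything still using them stops resolving; confirm they were retired on purpose. `s3 IN CNAME nas.jahanson.tech.` chains through a second CNAME (nas → elessar in db.jahanson.tech), which works but costs an extra lookup; `s3 IN CNAME elessar.jahanson.tech.` is the direct form.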
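--- /dev/null
+++ b/containers/bind/config/zones/db.jahanson.tech
@@ -0,0 +1,41 @@
+; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
+; https://www.epochconverter.com/
+
+; SOA Records
+$TTL 3600
+$ORIGIN jahanson.tech.
+@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
+1683235219 ; serial number (epoch timestamp)
+7200 ; refresh period
+3600 ; retry period
+1209600 ; expire time
+3600 ; minimum ttl
+)
+
+; NS Records
+@ IN NS gateway.jahanson.tech.
+
+; LAN
+gateway IN A 10.1.0.1
+
+; Servers
+elessar IN A 10.1.1.11
+gandalf IN A 10.1.1.31
+glamdring IN A 10.1.1.32
+shadowfax IN A 10.1.1.33
+nextcloud IN A 10.1.1.51
+frodo IN A 10.1.1.52
+
+; IOT
+livingroom-vacuum IN A 10.1.3.18
+
+; Video
+driveway-camera l IN A 10.1.4.12
+
+; Services
+cluster-0 IN A 10.5.0.2
+
+; CNAME records
+nas IN CNAME elessar.jahanson.tech.
+pikvm IN CNAME frodo.jahanson.tech.
+s3 IN CNAME gateway.jahanson.tech.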
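Review bot: `driveway-camera l IN A 10.1.4.12` has a stray `l` token between the owner name and the class, which is not a valid TTL, class or type in master-file syntax; named rejects the record and by default refuses to load the whole jahanson.tech zone, and because dnsdist's bind backend health check in this commit is `checkName = "gateway.jahanson.tech"`, the entire `bind` pool would then be marked down. The line should be `driveway-camera IN A 10.1.4.12`. Several hosts from the deleted static-host-mapping file are missing here as well — `homeassistant` (10.1.1.13), `sting` (10.1.1.12), `hallway-zigbee-adapter`, `garage-tablet`, `hallway-tablet` and `upstairs-vacuum` — and `s3 IN CNAME gateway.jahanson.tech.` points at the gateway whereas the old `s3.hsn.dev` alias resolved to the NAS; confirm both are intentional. The reverse zone in this commit also calls the camera `driveway-camera`, so whichever name is kept should be used in both files.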
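--- /dev/null
+++ b/containers/bind/config/zones/db.unifi
@@ -0,0 +1,19 @@
+; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
+; https://www.epochconverter.com/
+
+; SOA Records
+$TTL 3600
+$ORIGIN unifi.
+@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
+1683235219 ; serial number (epoch timestamp)
+7200 ; refresh period
+3600 ; retry period
+1209600 ; expire time
+3600 ; minimum ttl
+)
+
+; NS Records
+@ IN NS gateway.jahanson.tech.
+
+; CNAME Records
+@ IN A 10.5.0.10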
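Review bot: The `; CNAME Records` heading above `@ IN A 10.5.0.10` is wrong — that is an apex A record, not a CNAME (a CNAME at the apex would be illegal alongside the SOA and NS), so the comment should read `; A Records`. The zone name `unifi.` is a single-label private pseudo-TLD that only this resolver will ever answer; a short `; private pseudo-TLD, served only by this resolver and routed here by dnsdist` would explain that to the next reader. The header comment still refers to coreDNS, as in the other zone files in this commit.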
@ -1,60 +0,0 @@
|
||||||
(common) {
|
|
||||||
errors
|
|
||||||
log error
|
|
||||||
reload
|
|
||||||
loadbalance
|
|
||||||
cache
|
|
||||||
loop
|
|
||||||
local
|
|
||||||
|
|
||||||
prometheus :9153
|
|
||||||
|
|
||||||
health {
|
|
||||||
lameduck 5s
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
(k8s_gateway) {
|
|
||||||
forward . 10.45.0.3:53
|
|
||||||
}
|
|
||||||
|
|
||||||
unifi {
|
|
||||||
import common
|
|
||||||
hosts /host/etc/hosts {
|
|
||||||
ttl 1
|
|
||||||
reload 5s
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Hack to prevent the gatway returning 127.0.0.1 from /etc/hosts
|
|
||||||
gateway.jahanson.tech {
|
|
||||||
import common
|
|
||||||
template IN A gateway.jahanson.tech {
|
|
||||||
answer "{{ .Name }} 60 IN A 10.1.0.1"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
hsn.dev {
|
|
||||||
import common
|
|
||||||
hosts /host/etc/hosts {
|
|
||||||
ttl 1
|
|
||||||
reload 5s
|
|
||||||
fallthrough
|
|
||||||
}
|
|
||||||
import k8s_gateway
|
|
||||||
}
|
|
||||||
|
|
||||||
jahanson.tech {
|
|
||||||
import common
|
|
||||||
hosts /host/etc/hosts {
|
|
||||||
ttl 1
|
|
||||||
reload 5s
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
1.10.in-addr.arpa {
|
|
||||||
hosts /host/etc/hosts {
|
|
||||||
ttl 1
|
|
||||||
reload 5s
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,46 +1,47 @@
|
||||||
-- udp/tcp dns listening
|
-- udp/tcp dns listening
|
||||||
setLocal("0.0.0.0:53", {})
|
setLocal("0.0.0.0:53", {})
|
||||||
|
|
||||||
-- Local CoreDNS
|
-- Local Bind
|
||||||
newServer({
|
newServer({
|
||||||
address = "10.5.0.3",
|
address = "10.5.0.3",
|
||||||
pool = "coredns"
|
pool = "bind",
|
||||||
|
checkName = "gateway.jahanson.tech"
|
||||||
})
|
})
|
||||||
|
|
||||||
-- ControlD - Servers
|
-- NextDNS - Servers
|
||||||
newServer({
|
newServer({
|
||||||
address = "76.76.2.22:443",
|
address = "188.172.251.1:443",
|
||||||
tls = "openssl",
|
tls = "openssl",
|
||||||
subjectName = "dns.controld.com",
|
subjectName = "8d3cd7.dns.nextdns.io",
|
||||||
dohPath = "/14pk0z49y0u",
|
dohPath = "/8d3cd7",
|
||||||
validateCertificates = true,
|
validateCertificates = true,
|
||||||
checkInterval = 10,
|
checkInterval = 10,
|
||||||
checkTimeout = 2000,
|
checkTimeout = 2000,
|
||||||
pool = "controld_servers"
|
pool = "nextdns_servers"
|
||||||
})
|
})
|
||||||
|
|
||||||
-- ControlD - Trusted
|
-- NextDNS - Trusted
|
||||||
newServer({
|
newServer({
|
||||||
address = "76.76.2.22:443",
|
address = "188.172.251.1:443",
|
||||||
tls = "openssl",
|
tls = "openssl",
|
||||||
subjectName = "dns.controld.com",
|
subjectName = "d79ecb.dns.nextdns.io",
|
||||||
dohPath = "/7l9xgidtyr",
|
dohPath = "/d79ecb",
|
||||||
validateCertificates = true,
|
validateCertificates = true,
|
||||||
checkInterval = 10,
|
checkInterval = 10,
|
||||||
checkTimeout = 2000,
|
checkTimeout = 2000,
|
||||||
pool = "controld_trusted"
|
pool = "nextdns_trusted"
|
||||||
})
|
})
|
||||||
|
|
||||||
-- ControlD - IoT
|
-- NextDNS - IoT
|
||||||
newServer({
|
newServer({
|
||||||
address = "76.76.2.22:443",
|
address = "188.172.251.1:443",
|
||||||
tls = "openssl",
|
tls = "openssl",
|
||||||
subjectName = "dns.controld.com",
|
subjectName = "e29a3c.dns.nextdns.io",
|
||||||
dohPath = "/227g88d4fp5",
|
dohPath = "/e29a3c",
|
||||||
validateCertificates = true,
|
validateCertificates = true,
|
||||||
checkInterval = 10,
|
checkInterval = 10,
|
||||||
checkTimeout = 2000,
|
checkTimeout = 2000,
|
||||||
pool = "controld_iot"
|
pool = "nextdns_iot"
|
||||||
})
|
})
|
||||||
|
|
||||||
-- CloudFlare DNS over TLS
|
-- CloudFlare DNS over TLS
|
||||||
|
@ -78,14 +79,15 @@ getPool(""):setCache(pc)
|
||||||
-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))
|
-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))
|
||||||
|
|
||||||
-- Routing rules
|
-- Routing rules
|
||||||
addAction('unifi', PoolAction('coredns'))
|
|
||||||
addAction('hsn.dev', PoolAction('coredns'))
|
|
||||||
addAction('jahanson.tech', PoolAction('coredns'))
|
|
||||||
addAction('1.10.in-addr.arpa', PoolAction('coredns'))
|
|
||||||
|
|
||||||
addAction("10.1.0.0/24", PoolAction("controld_servers")) -- lan
|
|
||||||
addAction("10.1.1.0/24", PoolAction("controld_servers")) -- servers vlan
|
|
||||||
addAction("10.1.2.0/24", PoolAction("controld_trusted")) -- trusted vlan
|
|
||||||
addAction("10.1.3.0/24", PoolAction("controld_iot")) -- iot vlan
|
|
||||||
addAction("10.0.11.0/24", PoolAction("controld_trusted")) -- wg_trusted vlan
|
|
||||||
addAction("192.168.2.0/24", PoolAction("cloudflare")) -- guest vlan
|
addAction("192.168.2.0/24", PoolAction("cloudflare")) -- guest vlan
|
||||||
|
addAction("192.168.2.0/24", DropAction()) -- stop processing
|
||||||
|
addAction('unifi', PoolAction('bind'))
|
||||||
|
addAction('hsn.dev', PoolAction('bind'))
|
||||||
|
addAction('jahanson.tech', PoolAction('bind'))
|
||||||
|
addAction('1.10.in-addr.arpa', PoolAction('bind'))
|
||||||
|
|
||||||
|
addAction("10.1.0.0/24", PoolAction("nextdns_servers")) -- lan
|
||||||
|
addAction("10.1.1.0/24", PoolAction("nextdns_servers")) -- servers vlan
|
||||||
|
addAction("10.1.2.0/24", PoolAction("nextdns_trusted")) -- trusted vlan
|
||||||
|
addAction("10.1.3.0/24", PoolAction("nextdns_iot")) -- iot vlan
|
||||||
|
addAction("10.0.11.0/24", PoolAction("nextdns_trusted")) -- wg_trusted vlan
|
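Review bot: `addAction("192.168.2.0/24", DropAction()) -- stop processing`, placed right after the guest `PoolAction("cloudflare")`, is either unreachable or harmful depending on the dnsdist release: as far as I recall, from 1.8.0 `PoolAction` stops rule processing by default, so the Drop never runs and the comment misleads, while on older releases `PoolAction` is non-terminal, in which case this line drops every guest query instead of sending it to Cloudflare. If the intent is to keep guest clients from matching the `PoolAction('bind')` zone rules that follow, rule order alone already does that once the guest subnet rule is terminal — delete the DropAction line (and on pre-1.8 releases move the zone rules after the subnet rules instead). The new health check `checkName = "gateway.jahanson.tech"` ties the whole `bind` pool to the jahanson.tech zone loading cleanly, so a broken zone file takes unifi, hsn.dev and the reverse zone offline with it; that coupling is worth a comment on the `newServer` block, since the jahanson.tech zone file in this commit has a malformed record. The NextDNS profile identifiers embedded in `subjectName`/`dohPath` act as handles for those configurations, so it is worth confirming that publishing them in this repository is acceptable.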