Replaced coredns with Bind.
This commit is contained in:
parent
ebb7a44f65
commit
786724ae8d
12 changed files with 264 additions and 158 deletions
|
@ -16,22 +16,37 @@ set container name cloudflare-ddns memory '0'
|
|||
set container name cloudflare-ddns restart 'on-failure'
|
||||
set container name cloudflare-ddns shared-memory '0'
|
||||
|
||||
# coredns - main instance
|
||||
set container name coredns cap-add 'net-bind-service'
|
||||
set container name coredns image 'docker.io/coredns/coredns:1.10.1'
|
||||
set container name coredns memory '0'
|
||||
set container name coredns network services address '10.5.0.3'
|
||||
set container name coredns restart 'on-failure'
|
||||
set container name coredns shared-memory '0'
|
||||
set container name coredns volume config destination '/config'
|
||||
set container name coredns volume config source '/config/containers/coredns/config'
|
||||
set container name coredns volume config mode 'ro'
|
||||
set container name coredns volume corefile destination '/Corefile'
|
||||
set container name coredns volume corefile source '/config/containers/coredns/config/Corefile'
|
||||
set container name coredns volume corefile mode 'ro'
|
||||
set container name coredns volume vyoshosts destination '/host/etc/hosts'
|
||||
set container name coredns volume vyoshosts source '/etc/hosts'
|
||||
set container name coredns volume vyoshosts mode 'ro'
|
||||
# # coredns - main instance
|
||||
# set container name coredns cap-add 'net-bind-service'
|
||||
# set container name coredns image 'docker.io/coredns/coredns:1.10.1'
|
||||
# set container name coredns memory '0'
|
||||
# set container name coredns network services address '10.5.0.3'
|
||||
# set container name coredns restart 'on-failure'
|
||||
# set container name coredns shared-memory '0'
|
||||
# set container name coredns volume config destination '/config'
|
||||
# set container name coredns volume config source '/config/containers/coredns/config'
|
||||
# set container name coredns volume config mode 'ro'
|
||||
# set container name coredns volume corefile destination '/Corefile'
|
||||
# set container name coredns volume corefile source '/config/containers/coredns/config/Corefile'
|
||||
# set container name coredns volume corefile mode 'ro'
|
||||
# set container name coredns volume vyoshosts destination '/host/etc/hosts'
|
||||
# set container name coredns volume vyoshosts source '/etc/hosts'
|
||||
# set container name coredns volume vyoshosts mode 'ro'
|
||||
|
||||
# bind
|
||||
set container name bind cap-add 'net-bind-service'
|
||||
set container name bind image 'docker.io/internetsystemsconsortium/bind9:9.19'
|
||||
set container name bind command '/usr/sbin/named -4 -f -c /etc/bind/named.conf -u bind'
|
||||
set container name bind memory '0'
|
||||
set container name bind network services address '10.5.0.3'
|
||||
set container name bind restart 'on-failure'
|
||||
set container name bind shared-memory '0'
|
||||
set container name bind volume config source '/config/containers/bind/config'
|
||||
set container name bind volume config destination '/etc/bind'
|
||||
set container name bind volume config mode 'ro'
|
||||
set container name bind volume cache source '/tmp/bind/cache'
|
||||
set container name bind volume cache destination '/var/cache/bind'
|
||||
set container name bind volume cache mode 'rw'
|
||||
|
||||
# dnsdist
|
||||
set container name dnsdist cap-add 'net-bind-service'
|
||||
|
@ -41,8 +56,8 @@ set container name dnsdist memory '0'
|
|||
set container name dnsdist network services address '10.5.0.4'
|
||||
set container name dnsdist restart 'on-failure'
|
||||
set container name dnsdist shared-memory '0'
|
||||
set container name dnsdist volume config destination '/etc/dnsdist/dnsdist.conf'
|
||||
set container name dnsdist volume config source '/config/containers/dnsdist/config/dnsdist.conf'
|
||||
set container name dnsdist volume config destination '/etc/dnsdist/dnsdist.conf'
|
||||
set container name dnsdist volume config mode 'ro'
|
||||
|
||||
# haproxy-k8s-api
|
||||
|
@ -51,8 +66,8 @@ set container name haproxy-k8s-api memory '0'
|
|||
set container name haproxy-k8s-api network services address '10.5.0.2'
|
||||
set container name haproxy-k8s-api restart 'on-failure'
|
||||
set container name haproxy-k8s-api shared-memory '0'
|
||||
set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
|
||||
set container name haproxy-k8s-api volume config source '/config/containers/haproxy/config/haproxy.cfg'
|
||||
set container name haproxy-k8s-api volume config destination '/usr/local/etc/haproxy/haproxy.cfg'
|
||||
set container name haproxy-k8s-api volume config mode 'ro'
|
||||
|
||||
# node-exporter
|
||||
|
@ -64,15 +79,15 @@ set container name node-exporter memory '0'
|
|||
set container name node-exporter network services address '10.5.0.7'
|
||||
set container name node-exporter restart 'on-failure'
|
||||
set container name node-exporter shared-memory '0'
|
||||
set container name node-exporter volume procfs source '/proc'
|
||||
set container name node-exporter volume procfs destination '/host/proc'
|
||||
set container name node-exporter volume procfs mode 'ro'
|
||||
set container name node-exporter volume procfs source '/proc'
|
||||
set container name node-exporter volume rootfs source '/'
|
||||
set container name node-exporter volume rootfs destination '/host/rootfs'
|
||||
set container name node-exporter volume rootfs mode 'ro'
|
||||
set container name node-exporter volume rootfs source '/'
|
||||
set container name node-exporter volume sysfs source '/sys'
|
||||
set container name node-exporter volume sysfs destination '/host/sys'
|
||||
set container name node-exporter volume sysfs mode 'ro'
|
||||
set container name node-exporter volume sysfs source '/sys'
|
||||
|
||||
# speedtest-exporter
|
||||
set container name speedtest-exporter image 'ghcr.io/miguelndecarvalho/speedtest-exporter:v3.5.3'
|
||||
|
@ -118,8 +133,9 @@ set container name unifi memory '0'
|
|||
set container name unifi network services address '10.5.0.10'
|
||||
set container name unifi restart 'on-failure'
|
||||
set container name unifi shared-memory '0'
|
||||
set container name unifi volume data destination '/unifi'
|
||||
set container name unifi volume data source '/config/containers/unifi'
|
||||
set container name unifi volume data destination '/unifi'
|
||||
set container name unifi volume data mode 'rw'
|
||||
|
||||
# onepassword-connect
|
||||
set container name onepassword-connect image 'docker.io/1password/connect-api:1.7.0'
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
#!/bin/vbash
|
||||
|
||||
set service dhcp-server hostfile-update
|
||||
set service dhcp-server host-decl-name
|
||||
|
||||
# Guest VLAN
|
||||
set service dhcp-server shared-network-name GUEST authoritative
|
||||
set service dhcp-server shared-network-name GUEST ping-check
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
# Gateway
|
||||
set system static-host-mapping host-name gateway.jahanson.tech inet 10.1.0.1
|
||||
set system static-host-mapping host-name gateway.jahanson.tech alias vpn.hsn.dev
|
||||
set system static-host-mapping host-name gateway.jahanson.tech alias ipv4.hsn.dev
|
||||
|
||||
# Unifi controller
|
||||
set system static-host-mapping host-name unifi inet 10.5.0.10
|
||||
|
||||
# 1Password Connect
|
||||
set system static-host-mapping host-name onepassword-connect.hsn.dev inet 10.5.0.5
|
||||
|
||||
# NAS
|
||||
set system static-host-mapping host-name elessar.jahanson.tech inet 10.1.1.11
|
||||
set system static-host-mapping host-name elessar.jahanson.tech alias nas.jahanson.tech
|
||||
set system static-host-mapping host-name elessar.jahanson.tech alias minio.hsn.dev
|
||||
set system static-host-mapping host-name elessar.jahanson.tech alias s3.hsn.dev
|
||||
|
||||
# Home Assistant
|
||||
set system static-host-mapping host-name homeassistant.jahanson.tech inet 10.1.1.13
|
||||
|
||||
# Kubernetes hosts
|
||||
set system static-host-mapping host-name gandalf.jahanson.tech inet 10.1.1.31
|
||||
set system static-host-mapping host-name glamdring.jahanson.tech inet 10.1.1.32
|
||||
set system static-host-mapping host-name shadowfax.jahanson.tech inet 10.1.1.33
|
||||
|
||||
# Kubernetes cluster VIP
|
||||
set system static-host-mapping host-name cluster-0.jahanson.tech inet 10.5.0.2
|
||||
|
||||
# Other hosts
|
||||
set system static-host-mapping host-name sting.jahanson.tech inet 10.1.1.12
|
||||
set system static-host-mapping host-name frodo.jahanson.tech inet 10.1.1.52
|
||||
set system static-host-mapping host-name frodo.jahanson.tech alias pikvm.jahanson.tech
|
||||
set system static-host-mapping host-name nextcloud.jahanson.tech inet 10.1.1.51
|
||||
|
||||
set system static-host-mapping host-name driveway-camera-doorbell.jahanson.tech inet 10.1.4.12
|
||||
set system static-host-mapping host-name hallway-zigbee-adapter.jahanson.tech inet 10.1.3.46
|
||||
set system static-host-mapping host-name garage-tablet.jahanson.tech inet 10.1.3.54
|
||||
set system static-host-mapping host-name hallway-tablet.jahanson.tech inet 10.1.3.53
|
||||
set system static-host-mapping host-name livingroom-vacuum.jahanson.tech inet 10.1.3.18
|
||||
set system static-host-mapping host-name upstairs-vacuum.jahanson.tech inet 10.1.3.22
|
2
containers/.gitignore
vendored
2
containers/.gitignore
vendored
|
@ -4,7 +4,7 @@
|
|||
# Track certain files and directories
|
||||
!.gitignore
|
||||
|
||||
!/coredns/
|
||||
!/bind/
|
||||
!/dnsdist/
|
||||
!/haproxy/
|
||||
!/unifi/
|
||||
|
|
|
@ -6,9 +6,8 @@
|
|||
|
||||
!/config/
|
||||
/config/*
|
||||
!/config/Corefile
|
||||
!/config/custom-hosts
|
||||
|
||||
!/config-vyos/
|
||||
/config-vyos/*
|
||||
!/config-vyos/Corefile
|
||||
!/config/named.conf
|
||||
!/config/zones/
|
||||
/config/zones/*
|
||||
!/config/zones/db.*
|
73
containers/bind/config/named.conf
Normal file
73
containers/bind/config/named.conf
Normal file
|
@ -0,0 +1,73 @@
|
|||
# Only define the known VLAN subnets as trusted
|
||||
acl "trusted" {
|
||||
10.1.0.0/24; # LAN
|
||||
10.1.1.0/24; # SERVERS
|
||||
10.1.2.0/24; # TRUSTED
|
||||
10.1.3.0/24; # IOT
|
||||
10.1.4.0/24; # VIDEO
|
||||
192.168.2.0/24; # GUEST
|
||||
10.0.11.0/24; # WIREGUARD
|
||||
10.5.0.0/24; # SERVICES
|
||||
};
|
||||
|
||||
options {
|
||||
directory "/var/cache/bind";
|
||||
listen-on { 127.0.0.1; 10.5.0.3; };
|
||||
|
||||
allow-recursion {
|
||||
trusted;
|
||||
};
|
||||
allow-transfer {
|
||||
none;
|
||||
};
|
||||
allow-update {
|
||||
none;
|
||||
};
|
||||
};
|
||||
|
||||
logging {
|
||||
channel stdout {
|
||||
stderr;
|
||||
severity info;
|
||||
print-category yes;
|
||||
print-severity yes;
|
||||
print-time yes;
|
||||
};
|
||||
category security { stdout; };
|
||||
category dnssec { stdout; };
|
||||
category default { stdout; };
|
||||
};
|
||||
|
||||
include "/etc/bind/rndc.key";
|
||||
include "/etc/bind/externaldns.key";
|
||||
|
||||
controls {
|
||||
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
|
||||
};
|
||||
|
||||
zone "unifi." {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.unifi";
|
||||
};
|
||||
|
||||
zone "jahanson.tech." {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.jahanson.tech";
|
||||
};
|
||||
|
||||
zone "hsn.dev." {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.hsn.dev";
|
||||
journal "/var/cache/bind/db.hsn.dev.jnl";
|
||||
allow-transfer {
|
||||
key "externaldns";
|
||||
};
|
||||
update-policy {
|
||||
grant externaldns zonesub ANY;
|
||||
};
|
||||
};
|
||||
|
||||
zone "1.10.in-addr.arpa." {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.1.10.in-addr.arpa";
|
||||
};
|
36
containers/bind/config/zones/db.1.10.in-addr.arpa
Normal file
36
containers/bind/config/zones/db.1.10.in-addr.arpa
Normal file
|
@ -0,0 +1,36 @@
|
|||
; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
|
||||
; https://www.epochconverter.com/
|
||||
|
||||
; SOA Records
|
||||
$TTL 3600
|
||||
$ORIGIN 1.10.in-addr.arpa.
|
||||
@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
|
||||
1683235219 ; serial number (epoch timestamp)
|
||||
7200 ; refresh period
|
||||
3600 ; retry period
|
||||
1209600 ; expire time
|
||||
3600 ; minimum ttl
|
||||
)
|
||||
|
||||
; NS Records
|
||||
@ IN NS gateway.jahanson.tech.
|
||||
|
||||
; Reset origin
|
||||
$ORIGIN in-addr.arpa.
|
||||
|
||||
; LAN
|
||||
1.0.1.10 IN PTR gateway.jahanson.tech.
|
||||
|
||||
; Servers
|
||||
11.1.1.10 IN PTR elessar.jahanson.tech.
|
||||
31.1.1.10 IN PTR gandalf.jahanson.tech.
|
||||
32.1.1.10 IN PTR glamdring.jahanson.tech.
|
||||
33.1.1.10 IN PTR shadowfax.jahanson.tech.
|
||||
51.1.1.10 IN PTR nextcloud.jahanson.tech.
|
||||
52.1.1.10 IN PTR frodo.jahanson.tech.
|
||||
|
||||
; IOT
|
||||
18.3.1.10 IN PTR livingroom-vacuum.jahanson.tech.
|
||||
|
||||
; Video
|
||||
12.4.1.10 IN PTR driveway-camera.jahanson.tech.
|
23
containers/bind/config/zones/db.hsn.dev
Normal file
23
containers/bind/config/zones/db.hsn.dev
Normal file
|
@ -0,0 +1,23 @@
|
|||
; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
|
||||
; https://www.epochconverter.com/
|
||||
|
||||
; SOA Records
|
||||
$TTL 3600
|
||||
$ORIGIN hsn.dev.
|
||||
@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
|
||||
1683235219 ; serial number (epoch timestamp)
|
||||
7200 ; refresh period
|
||||
3600 ; retry period
|
||||
1209600 ; expire time
|
||||
3600 ; minimum ttl
|
||||
)
|
||||
|
||||
; NS Records
|
||||
@ IN NS gateway.jahanson.tech.
|
||||
|
||||
; Services
|
||||
onepassword-connect IN A 10.5.0.5
|
||||
|
||||
; CNAME Records
|
||||
s3 IN CNAME nas.jahanson.tech.
|
||||
vpn IN CNAME gateway.jahanson.tech.
|
41
containers/bind/config/zones/db.jahanson.tech
Normal file
41
containers/bind/config/zones/db.jahanson.tech
Normal file
|
@ -0,0 +1,41 @@
|
|||
; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
|
||||
; https://www.epochconverter.com/
|
||||
|
||||
; SOA Records
|
||||
$TTL 3600
|
||||
$ORIGIN jahanson.tech.
|
||||
@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
|
||||
1683235219 ; serial number (epoch timestamp)
|
||||
7200 ; refresh period
|
||||
3600 ; retry period
|
||||
1209600 ; expire time
|
||||
3600 ; minimum ttl
|
||||
)
|
||||
|
||||
; NS Records
|
||||
@ IN NS gateway.jahanson.tech.
|
||||
|
||||
; LAN
|
||||
gateway IN A 10.1.0.1
|
||||
|
||||
; Servers
|
||||
elessar IN A 10.1.1.11
|
||||
gandalf IN A 10.1.1.31
|
||||
glamdring IN A 10.1.1.32
|
||||
shadowfax IN A 10.1.1.33
|
||||
nextcloud IN A 10.1.1.51
|
||||
frodo IN A 10.1.1.52
|
||||
|
||||
; IOT
|
||||
livingroom-vacuum IN A 10.1.3.18
|
||||
|
||||
; Video
|
||||
driveway-camera l IN A 10.1.4.12
|
||||
|
||||
; Services
|
||||
cluster-0 IN A 10.5.0.2
|
||||
|
||||
; CNAME records
|
||||
nas IN CNAME elessar.jahanson.tech.
|
||||
pikvm IN CNAME frodo.jahanson.tech.
|
||||
s3 IN CNAME gateway.jahanson.tech.
|
19
containers/bind/config/zones/db.unifi
Normal file
19
containers/bind/config/zones/db.unifi
Normal file
|
@ -0,0 +1,19 @@
|
|||
; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
|
||||
; https://www.epochconverter.com/
|
||||
|
||||
; SOA Records
|
||||
$TTL 3600
|
||||
$ORIGIN unifi.
|
||||
@ 3600 IN SOA gateway.jahanson.tech. gateway.jahanson.tech. (
|
||||
1683235219 ; serial number (epoch timestamp)
|
||||
7200 ; refresh period
|
||||
3600 ; retry period
|
||||
1209600 ; expire time
|
||||
3600 ; minimum ttl
|
||||
)
|
||||
|
||||
; NS Records
|
||||
@ IN NS gateway.jahanson.tech.
|
||||
|
||||
; CNAME Records
|
||||
@ IN A 10.5.0.10
|
|
@ -1,60 +0,0 @@
|
|||
(common) {
|
||||
errors
|
||||
log error
|
||||
reload
|
||||
loadbalance
|
||||
cache
|
||||
loop
|
||||
local
|
||||
|
||||
prometheus :9153
|
||||
|
||||
health {
|
||||
lameduck 5s
|
||||
}
|
||||
}
|
||||
|
||||
(k8s_gateway) {
|
||||
forward . 10.45.0.3:53
|
||||
}
|
||||
|
||||
unifi {
|
||||
import common
|
||||
hosts /host/etc/hosts {
|
||||
ttl 1
|
||||
reload 5s
|
||||
}
|
||||
}
|
||||
|
||||
# Hack to prevent the gatway returning 127.0.0.1 from /etc/hosts
|
||||
gateway.jahanson.tech {
|
||||
import common
|
||||
template IN A gateway.jahanson.tech {
|
||||
answer "{{ .Name }} 60 IN A 10.1.0.1"
|
||||
}
|
||||
}
|
||||
|
||||
hsn.dev {
|
||||
import common
|
||||
hosts /host/etc/hosts {
|
||||
ttl 1
|
||||
reload 5s
|
||||
fallthrough
|
||||
}
|
||||
import k8s_gateway
|
||||
}
|
||||
|
||||
jahanson.tech {
|
||||
import common
|
||||
hosts /host/etc/hosts {
|
||||
ttl 1
|
||||
reload 5s
|
||||
}
|
||||
}
|
||||
|
||||
1.10.in-addr.arpa {
|
||||
hosts /host/etc/hosts {
|
||||
ttl 1
|
||||
reload 5s
|
||||
}
|
||||
}
|
|
@ -1,46 +1,47 @@
|
|||
-- udp/tcp dns listening
|
||||
setLocal("0.0.0.0:53", {})
|
||||
|
||||
-- Local CoreDNS
|
||||
-- Local Bind
|
||||
newServer({
|
||||
address = "10.5.0.3",
|
||||
pool = "coredns"
|
||||
pool = "bind",
|
||||
checkName = "gateway.jahanson.tech"
|
||||
})
|
||||
|
||||
-- ControlD - Servers
|
||||
-- NextDNS - Servers
|
||||
newServer({
|
||||
address = "76.76.2.22:443",
|
||||
address = "188.172.251.1:443",
|
||||
tls = "openssl",
|
||||
subjectName = "dns.controld.com",
|
||||
dohPath = "/14pk0z49y0u",
|
||||
subjectName = "8d3cd7.dns.nextdns.io",
|
||||
dohPath = "/8d3cd7",
|
||||
validateCertificates = true,
|
||||
checkInterval = 10,
|
||||
checkTimeout = 2000,
|
||||
pool = "controld_servers"
|
||||
pool = "nextdns_servers"
|
||||
})
|
||||
|
||||
-- ControlD - Trusted
|
||||
-- NextDNS - Trusted
|
||||
newServer({
|
||||
address = "76.76.2.22:443",
|
||||
address = "188.172.251.1:443",
|
||||
tls = "openssl",
|
||||
subjectName = "dns.controld.com",
|
||||
dohPath = "/7l9xgidtyr",
|
||||
subjectName = "d79ecb.dns.nextdns.io",
|
||||
dohPath = "/d79ecb",
|
||||
validateCertificates = true,
|
||||
checkInterval = 10,
|
||||
checkTimeout = 2000,
|
||||
pool = "controld_trusted"
|
||||
pool = "nextdns_trusted"
|
||||
})
|
||||
|
||||
-- ControlD - IoT
|
||||
-- NextDNS - IoT
|
||||
newServer({
|
||||
address = "76.76.2.22:443",
|
||||
address = "188.172.251.1:443",
|
||||
tls = "openssl",
|
||||
subjectName = "dns.controld.com",
|
||||
dohPath = "/227g88d4fp5",
|
||||
subjectName = "e29a3c.dns.nextdns.io",
|
||||
dohPath = "/e29a3c",
|
||||
validateCertificates = true,
|
||||
checkInterval = 10,
|
||||
checkTimeout = 2000,
|
||||
pool = "controld_iot"
|
||||
pool = "nextdns_iot"
|
||||
})
|
||||
|
||||
-- CloudFlare DNS over TLS
|
||||
|
@ -78,14 +79,15 @@ getPool(""):setCache(pc)
|
|||
-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))
|
||||
|
||||
-- Routing rules
|
||||
addAction('unifi', PoolAction('coredns'))
|
||||
addAction('hsn.dev', PoolAction('coredns'))
|
||||
addAction('jahanson.tech', PoolAction('coredns'))
|
||||
addAction('1.10.in-addr.arpa', PoolAction('coredns'))
|
||||
|
||||
addAction("10.1.0.0/24", PoolAction("controld_servers")) -- lan
|
||||
addAction("10.1.1.0/24", PoolAction("controld_servers")) -- servers vlan
|
||||
addAction("10.1.2.0/24", PoolAction("controld_trusted")) -- trusted vlan
|
||||
addAction("10.1.3.0/24", PoolAction("controld_iot")) -- iot vlan
|
||||
addAction("10.0.11.0/24", PoolAction("controld_trusted")) -- wg_trusted vlan
|
||||
addAction("192.168.2.0/24", PoolAction("cloudflare")) -- guest vlan
|
||||
addAction("192.168.2.0/24", DropAction()) -- stop processing
|
||||
addAction('unifi', PoolAction('bind'))
|
||||
addAction('hsn.dev', PoolAction('bind'))
|
||||
addAction('jahanson.tech', PoolAction('bind'))
|
||||
addAction('1.10.in-addr.arpa', PoolAction('bind'))
|
||||
|
||||
addAction("10.1.0.0/24", PoolAction("nextdns_servers")) -- lan
|
||||
addAction("10.1.1.0/24", PoolAction("nextdns_servers")) -- servers vlan
|
||||
addAction("10.1.2.0/24", PoolAction("nextdns_trusted")) -- trusted vlan
|
||||
addAction("10.1.3.0/24", PoolAction("nextdns_iot")) -- iot vlan
|
||||
addAction("10.0.11.0/24", PoolAction("nextdns_trusted")) -- wg_trusted vlan
|
Reference in a new issue