-- udp/tcp dns listening
setLocal("0.0.0.0:53", {})

-- Local Bind
newServer({
  address = "10.5.0.3",
  pool = "bind",
  checkName = "gateway.jahanson.tech"
})

-- NextDNS - Servers
newServer({
  address = "188.172.251.1:443",
  tls = "openssl",
  subjectName = "8d3cd7.dns.nextdns.io",
  dohPath = "/8d3cd7",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "nextdns_servers"
})

-- NextDNS - Trusted
newServer({
  address = "188.172.251.1:443",
  tls = "openssl",
  subjectName = "d79ecb.dns.nextdns.io",
  dohPath = "/d79ecb",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "nextdns_trusted"
})

-- NextDNS - IoT
newServer({
  address = "188.172.251.1:443",
  tls = "openssl",
  subjectName = "e29a3c.dns.nextdns.io",
  dohPath = "/e29a3c",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "nextdns_iot"
})

-- CloudFlare DNS over TLS
newServer({
  address = "1.1.1.1:853",
  tls = "openssl",
  subjectName = "cloudflare-dns.com",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "cloudflare"
})
newServer({
  address = "1.0.0.1:853",
  tls = "openssl",
  subjectName = "cloudflare-dns.com",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "cloudflare"
})

-- Enable caching
pc = newPacketCache(10000, {
  maxTTL = 86400,
  minTTL = 0,
  temporaryFailureTTL = 60,
  staleTTL = 60,
  dontAge = false
})
getPool(""):setCache(pc)

-- Request logging, uncomment to log DNS requests/responses to stdout
-- addAction(AllRule(), LogAction("", false, false, true, false, false))
-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))

-- Routing rules
addAction("192.168.2.0/24", PoolAction("cloudflare"))     -- guest vlan
addAction("192.168.2.0/24", DropAction())                 -- stop processing
addAction('unifi', PoolAction('bind'))
addAction('hsn.dev', PoolAction('bind'))
addAction('jahanson.tech', PoolAction('bind'))
addAction('1.10.in-addr.arpa', PoolAction('bind'))

addAction("10.1.0.0/24", PoolAction("nextdns_servers"))  -- lan
addAction("10.1.1.0/24", PoolAction("nextdns_servers"))  -- servers vlan
addAction("10.1.2.0/24", PoolAction("nextdns_trusted"))  -- trusted vlan
addAction("10.1.3.0/24", PoolAction("nextdns_iot"))      -- iot vlan
addAction("10.0.11.0/24", PoolAction("nextdns_trusted")) -- wg_trusted vlan