-- udp/tcp dns listening
setLocal("0.0.0.0:53", {})

-- Local CoreDNS
newServer({
  address = "10.5.0.3",
  pool = "coredns"
})

-- ControlD - Servers
newServer({
  address = "76.76.2.22:443",
  tls = "openssl",
  subjectName = "dns.controld.com",
  dohPath = "/14pk0z49y0u",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "controld_servers"
})

-- ControlD - Trusted
newServer({
  address = "76.76.2.22:443",
  tls = "openssl",
  subjectName = "dns.controld.com",
  dohPath = "/7l9xgidtyr",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "controld_trusted"
})

-- ControlD - IoT
newServer({
  address = "76.76.2.22:443",
  tls = "openssl",
  subjectName = "dns.controld.com",
  dohPath = "/227g88d4fp5",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "controld_iot"
})

-- CloudFlare DNS over TLS
newServer({
  address = "1.1.1.1:853",
  tls = "openssl",
  subjectName = "cloudflare-dns.com",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "cloudflare"
})
newServer({
  address = "1.0.0.1:853",
  tls = "openssl",
  subjectName = "cloudflare-dns.com",
  validateCertificates = true,
  checkInterval = 10,
  checkTimeout = 2000,
  pool = "cloudflare"
})

-- Enable caching
pc = newPacketCache(10000, {
  maxTTL = 86400,
  minTTL = 0,
  temporaryFailureTTL = 60,
  staleTTL = 60,
  dontAge = false
})
getPool(""):setCache(pc)

-- Request logging, uncomment to log DNS requests/responses to stdout
-- addAction(AllRule(), LogAction("", false, false, true, false, false))
-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))

-- Routing rules
addAction('unifi', PoolAction('coredns'))
addAction('hsn.dev', PoolAction('coredns'))
addAction('jahanson.tech', PoolAction('coredns'))
addAction('1.10.in-addr.arpa', PoolAction('coredns'))

addAction("10.1.0.0/24", PoolAction("controld_servers"))  -- lan
addAction("10.1.1.0/24", PoolAction("controld_servers"))  -- servers vlan
addAction("10.1.2.0/24", PoolAction("controld_trusted"))  -- trusted vlan
addAction("10.1.3.0/24", PoolAction("controld_iot"))      -- iot vlan
addAction("10.0.11.0/24", PoolAction("controld_trusted")) -- wg_trusted vlan
addAction("192.168.2.0/24", PoolAction("cloudflare"))     -- guest vlan