vyos-config/containers/dnsdist/config/dnsdist.conf


-- udp/tcp dns listening
-- Binds plain DNS on port 53 of every IPv4 interface (0.0.0.0); no IPv6
-- listener is configured in this file as shown.
-- No setACL()/addACL() call appears in this file as shown, so which clients
-- are answered is left to dnsdist's built-in ACL (loopback and private ranges).
-- NOTE(review): consider an explicit setACL() naming only the subnets routed
-- below, so that port 53 becoming reachable on an unintended interface does
-- not make this instance a resolver for that network.
setLocal("0.0.0.0:53", {})
-- Local BIND backend (pool "bind").
-- No port is given, so dnsdist's default DNS port applies, and no tls option
-- is set, so this hop is unencrypted.
-- checkName is the name used for health-check queries against this backend.
local bindBackend = {
  pool = "bind",
  address = "10.5.0.3",
  checkName = "gateway.jahanson.tech"
}
newServer(bindBackend)
-- NextDNS DNS-over-HTTPS backends, one profile per pool.
-- All three profiles use the same pinned address (188.172.251.1:443); the
-- profile is selected by the TLS subject name and the DoH path.
-- validateCertificates = true has dnsdist verify the backend certificate
-- against subjectName; that check is what authenticates the upstream here,
-- because the address is an IP literal rather than a hostname.
-- Health checks run every 10 s (checkInterval) with a 2000 ms timeout
-- (checkTimeout).
-- NOTE(review): each pool has exactly one backend, so a failed health check
-- leaves that pool without a healthy server -- confirm this is intended.
-- NOTE(review): the profile IDs are committed in clear text; anyone who knows
-- one can presumably send queries against that profile -- confirm acceptable.
local function addNextDnsBackend(tlsName, path, poolName)
  newServer({
    address = "188.172.251.1:443",
    tls = "openssl",
    subjectName = tlsName,
    dohPath = path,
    validateCertificates = true,
    checkInterval = 10,
    checkTimeout = 2000,
    pool = poolName
  })
end

-- NextDNS - Servers
addNextDnsBackend("8d3cd7.dns.nextdns.io", "/8d3cd7", "nextdns_servers")
-- NextDNS - Trusted
addNextDnsBackend("d79ecb.dns.nextdns.io", "/d79ecb", "nextdns_trusted")
-- NextDNS - IoT
addNextDnsBackend("e29a3c.dns.nextdns.io", "/e29a3c", "nextdns_iot")
-- Cloudflare DNS-over-TLS backends (pool "cloudflare").
-- Both addresses on port 853 are registered with identical settings, in the
-- same order as before. The certificate is validated against
-- "cloudflare-dns.com" because the addresses themselves are IP literals.
local cloudflareEndpoints = { "1.1.1.1:853", "1.0.0.1:853" }

for _, endpoint in ipairs(cloudflareEndpoints) do
  newServer({
    pool = "cloudflare",
    address = endpoint,
    tls = "openssl",
    subjectName = "cloudflare-dns.com",
    validateCertificates = true,
    checkInterval = 10,   -- seconds between health checks
    checkTimeout = 2000   -- health-check timeout in milliseconds
  })
end
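-- Enable caching
-- Every newServer() in this file as shown joins a named pool, and every
-- routing rule sends queries to a named pool with PoolAction(). A cache
-- attached only to the default pool ("") is therefore never consulted, so each
-- named pool needs a cache of its own.
-- The pools deliberately do NOT share one cache object: the NextDNS pools map
-- to different filtering profiles per VLAN and the bind pool answers internal
-- names, so a shared cache could serve one network an answer that was
-- resolved under another network's policy.
local function newPoolCache()
  -- 10000 entries per cache, same TTL settings as the original single cache.
  return newPacketCache(10000, {
    maxTTL = 86400,
    minTTL = 0,
    temporaryFailureTTL = 60,
    staleTTL = 60,
    dontAge = false
  })
end

-- Kept as before: global `pc` attached to the default pool.
pc = newPoolCache()
getPool(""):setCache(pc)

-- One independent cache per pool that actually has backends.
local cachedPools = {
  "bind",
  "nextdns_servers",
  "nextdns_trusted",
  "nextdns_iot",
  "cloudflare"
}
for _, poolName in ipairs(cachedPools) do
  getPool(poolName):setCache(newPoolCache())
end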
-- Request logging: uncomment the two lines below to log DNS requests/responses to stdout (the log will contain client addresses and queried names)
-- addAction(AllRule(), LogAction("", false, false, true, false, false))
-- addResponseAction(AllRule(), LogResponseAction("", false, true, false, false))
-- Routing rules
-- Rules are evaluated top to bottom. PoolAction ends rule processing for a
-- matching query by default, so the first PoolAction that matches decides the
-- pool. The order below is therefore part of the policy.
--
-- Guest VLAN is matched first, which keeps guest clients away from the
-- internal-zone rules further down (they never reach the bind pool).
addAction("192.168.2.0/24", PoolAction("cloudflare")) -- guest vlan
-- NOTE(review): the PoolAction above already ends processing for guest
-- queries, so this rule is not reached. DropAction discards the query rather
-- than "stopping processing"; if the PoolAction above were ever changed to
-- continue, this line would drop all guest DNS. Remove it or confirm intent.
addAction("192.168.2.0/24", DropAction()) -- stop processing
-- Internal names go to the local BIND pool for every non-guest client,
-- including the IoT VLAN, because these rules precede the per-subnet rules.
addAction('unifi', PoolAction('bind'))
addAction('hsn.dev', PoolAction('bind'))
addAction('jahanson.tech', PoolAction('bind'))
-- Reverse zone for 10.1.0.0/16 only. Reverse lookups for other internal
-- ranges used in this file (e.g. 10.0.11.0/24) do not match this suffix and
-- fall through to the subnet rules, i.e. to an external resolver.
addAction('1.10.in-addr.arpa', PoolAction('bind'))
-- Per-subnet upstream selection; each pool carries its own NextDNS profile.
addAction("10.1.0.0/24", PoolAction("nextdns_servers")) -- lan
addAction("10.1.1.0/24", PoolAction("nextdns_servers")) -- servers vlan
addAction("10.1.2.0/24", PoolAction("nextdns_trusted")) -- trusted vlan
addAction("10.1.3.0/24", PoolAction("nextdns_iot")) -- iot vlan
addAction("10.0.11.0/24", PoolAction("nextdns_trusted")) -- wg_trusted vlan
-- NOTE(review): a client that matches none of the rules above is sent to the
-- default pool, which has no servers in this file as shown -- confirm that
-- leaving such clients unanswered is the intended fail-closed behaviour.