dnsservice/ansible/files/dnsdist.conf

37 lines
1.4 KiB
Plaintext
Raw Permalink Normal View History

2024-08-03 19:05:31 +00:00
{% for _host in groups['dns_ord'] if hostvars[_host].internal_ip is defined %}
newServer({address="{{ hostvars[_host].internal_ip }}:1053", pool="sdns"})
{% endfor %}
setServerPolicy(leastOutstanding)
pc = newPacketCache(12800, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false})
getPool("sdns"):setCache(pc)
tls_cert_crt = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.crt"
tls_cert_key = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.key"
--tls_cert_crt = "/run/my-unit/target/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.crt"
--tls_cert_key = "/run/my-unit/target/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.key"
addAction('.', PoolAction("sdns"))
addAction(MaxQPSIPRule(5, 32, 48, 20), DelayAction(100))
webserver("127.0.0.1:6060")
setWebserverConfig({ statsRequireAuthentication=false })
setLocal("0.0.0.0:53")
2024-08-03 19:19:38 +00:00
-- proxied by caddy
2024-08-03 19:05:31 +00:00
addDOHLocal("127.0.0.1:8053", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
2024-08-03 19:19:38 +00:00
2024-08-03 19:05:31 +00:00
addTLSLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
addTLSLocal('[::]:853', tls_cert_crt, tls_cert_key)
2024-08-03 19:19:38 +00:00
addDOQLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
addDOQLocal('[::]:853', tls_cert_crt, tls_cert_key)
2024-08-03 19:05:31 +00:00
addACL('0.0.0.0/0')
addACL('::/0')