2024-08-03 19:05:31 +00:00
|
|
|
{% for _host in groups['dns_ord'] if hostvars[_host].internal_ip is defined %}
|
|
|
|
newServer({address="{{ hostvars[_host].internal_ip }}:1053", pool="sdns"})
|
|
|
|
{% endfor %}
|
|
|
|
|
|
|
|
setServerPolicy(leastOutstanding)
|
|
|
|
|
|
|
|
pc = newPacketCache(12800, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false})
|
|
|
|
getPool("sdns"):setCache(pc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
tls_cert_crt = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.crt"
|
|
|
|
tls_cert_key = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.key"
|
|
|
|
|
|
|
|
--tls_cert_crt = "/run/my-unit/target/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.crt"
|
|
|
|
--tls_cert_key = "/run/my-unit/target/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.key"
|
|
|
|
|
|
|
|
addAction('.', PoolAction("sdns"))
|
|
|
|
|
|
|
|
addAction(MaxQPSIPRule(5, 32, 48, 20), DelayAction(100))
|
|
|
|
|
|
|
|
webserver("127.0.0.1:6060")
|
|
|
|
setWebserverConfig({ statsRequireAuthentication=false })
|
|
|
|
setLocal("0.0.0.0:53")
|
2024-08-03 19:19:38 +00:00
|
|
|
|
|
|
|
-- proxied by caddy
|
2024-08-03 19:05:31 +00:00
|
|
|
addDOHLocal("127.0.0.1:8053", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
|
2024-08-03 19:19:38 +00:00
|
|
|
|
2024-08-03 19:05:31 +00:00
|
|
|
addTLSLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
|
|
|
|
addTLSLocal('[::]:853', tls_cert_crt, tls_cert_key)
|
|
|
|
|
2024-08-03 19:19:38 +00:00
|
|
|
addDOQLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
|
|
|
|
addDOQLocal('[::]:853', tls_cert_crt, tls_cert_key)
|
|
|
|
|
2024-08-03 19:05:31 +00:00
|
|
|
addACL('0.0.0.0/0')
|
|
|
|
addACL('::/0')
|