{% for _host in groups['dns_ord'] if hostvars[_host].internal_ip is defined %} newServer({address="{{ hostvars[_host].internal_ip }}:1053", pool="sdns"}) {% endfor %} setServerPolicy(leastOutstanding) pc = newPacketCache(12800, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false}) getPool("sdns"):setCache(pc) tls_cert_crt = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.crt" tls_cert_key = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.key" --tls_cert_crt = "/run/my-unit/target/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.crt" --tls_cert_key = "/run/my-unit/target/certificates/acme-v02.api.letsencrypt.org-directory/mydns.gay/mydns.gay.key" addAction('.', PoolAction("sdns")) addAction(MaxQPSIPRule(5, 32, 48, 20), DelayAction(100)) webserver("127.0.0.1:6060") setWebserverConfig({ statsRequireAuthentication=false }) setLocal("0.0.0.0:53") addDOHLocal("127.0.0.1:8053", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true }) addTLSLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key) addTLSLocal('[::]:853', tls_cert_crt, tls_cert_key) addACL('0.0.0.0/0') addACL('::/0')