2020-11-24 22:40:48 +01:00
|
|
|
-- {{ ansible_managed }}
|
|
|
|
|
|
|
|
setLocal('127.0.0.1')
|
|
|
|
addLocal('::1')
|
|
|
|
addLocal('{{ ansible_default_ipv4.address }}')
|
|
|
|
addLocal('{{ ansible_default_ipv6.address }}')
|
|
|
|
|
2021-09-06 13:37:55 +02:00
|
|
|
setACL({'0.0.0.0/0', '::/0'})
|
2020-11-25 18:26:28 +01:00
|
|
|
|
2021-09-06 13:37:55 +02:00
|
|
|
addAction(AndRule({TCPRule(false), MaxQPSIPRule(10)}), TCAction())
|
2021-09-01 17:34:45 +02:00
|
|
|
|
|
|
|
newServer({address='127.0.0.1:5353', name='localhost'})
|
2020-11-24 22:40:48 +01:00
|
|
|
|
2020-11-25 18:26:28 +01:00
|
|
|
addTLSLocal('{{ ansible_default_ipv4.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
|
|
|
|
addTLSLocal('{{ ansible_default_ipv6.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
|
|
|
|
|
2020-11-28 23:39:47 +01:00
|
|
|
-- Disable DoH: see https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet
|
|
|
|
addAction('use-application-dns.net', RCodeAction(DNSRCode.NXDOMAIN))
|
|
|
|
|
|
|
|
-- HTTP Endpoint for Prometheus
|
2020-11-25 18:26:28 +01:00
|
|
|
webserver('0.0.0.0:8053', '{{ prometheus_dnsdist_pass }}', '{{ prometheus_dnsdist_pass }}', {}, '194.156.22.3, 2001:678:ddc::3')
|
2020-11-24 22:40:48 +01:00
|
|
|
|
|
|
|
-- disable security status polling via DNS
|
2020-11-25 18:26:28 +01:00
|
|
|
setSecurityPollSuffix('')
|