ansible-ffrgb/roles/dns_split/templates/dnsdist.conf.j2

21 lines
880 B
Plaintext
Raw Normal View History

2020-11-04 23:16:27 +01:00
-- {{ ansible_managed }}
2020-11-28 23:36:50 +01:00
setLocal('127.0.0.1')
addLocal('::1')
addLocal('{{ batman_ipv4 | ipaddr('address') }}')
addLocal('{{ batman_ipv6 | ipaddr('address') }}')
2020-11-04 23:16:27 +01:00
2021-09-01 17:35:01 +02:00
newServer({address='127.0.0.1:5353', name='localhost'})
2020-11-04 23:16:27 +01:00
2020-11-25 18:27:25 +01:00
addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
-- Disable DoH: see https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet
addAction('use-application-dns.net', RCodeAction(DNSRCode.NXDOMAIN))
-- HTTP Endpoint for Prometheus
2020-11-25 18:27:25 +01:00
webserver('0.0.0.0:8053', '{{ prometheus_dnsdist_pass }}', '{{ prometheus_dnsdist_pass }}', {}, '194.156.22.3, 2001:678:ddc::3')
2020-11-04 23:16:27 +01:00
-- disable security status polling via DNS
2020-11-25 18:27:25 +01:00
setSecurityPollSuffix('')