-- {{ ansible_managed }} setLocal('127.0.0.1') addLocal('::1') addLocal('{{ ansible_default_ipv4.address }}') addLocal('{{ ansible_default_ipv6.address }}') setACL({'0.0.0.0/0', '::/0'}) addAction(AndRule({TCPRule(false), MaxQPSIPRule(10)}), TCAction()) newServer({address='127.0.0.1:5353', name='localhost'}) addTLSLocal('{{ ansible_default_ipv4.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key') addTLSLocal('{{ ansible_default_ipv6.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key') -- Disable DoH: see https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet addAction('use-application-dns.net', RCodeAction(DNSRCode.NXDOMAIN)) -- HTTP Endpoint for Prometheus webserver('0.0.0.0:8053', '{{ prometheus_dnsdist_pass }}', '{{ prometheus_dnsdist_pass }}', {}, '194.156.22.3, 2001:678:ddc::3') -- disable security status polling via DNS setSecurityPollSuffix('')