-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathautoconf.toml
152 lines (125 loc) · 3.55 KB
/
autoconf.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# global config
# if an error is encountered, stop
quit_on_error = false
listen = [
"0.0.0.0:53",
"[::]:53",
]
# default upstream
upstreams = [
"101.6.6.6:53",
"202.141.162.123:53",
]
allowed_client_subnets = [
# include localhost
"127.0.0.0/8",
"::1/128",
# include your LAN
"192.168.1.0/24",
# everywhere - potentially unsafe, use with caution
# "0.0.0.0/0",
# "::/0",
]
# set to true if you use Active Directory and allows DNS update
allow_ddns_updates = false
# interval to query upstream to check health
health_check_interval = 600
# load balance policy
# valid values see https://dnsdist.org/guides/serverselection.html
# default: firstAvailable
load_balance_policy = "leastOutstanding"
# EDNS0 Client Subnet
[ecs]
enabled = true
default_prefix_v4 = 24
default_prefix_v6 = 48
# if DNS request source IP is not a public routable IP, still forward its ECS information to upstream
keep_private_ip = false
#[control_socket]
#listen = "0.0.0.0"
#key = ""
#[web_server]
#listen = "127.0.0.1:8083"
#password = "supersecretpassword"
#api_key = "supersecretAPIkey"
# enable cache
# note: it eats memory
[cache]
enabled = true
max_entries = 16384
# hosts
# remember to add quotation marks!
[hosts]
# you can use either an array of IP addresses
"localhost.example.org" = [
"::1",
"127.0.0.1",
]
# or a single IP address
"localhost6.example.org" = "::1"
# or a CNAME
# Note: this config will force dnsdist to return a plain CNAME record
# without any A or AAAA appended. This might cause compatibility issues
# in some resolver software/library.
# See: https://github.com/PowerDNS/pdns/issues/3679
"cname.example.org" = "example.org"
# Rules
# you can include unlimited [[match]] blocks
# but do not duplicate the same config
# example: drop requests to certain domain
[[match]]
domains = [
"music.httpdns.c.163.com",
]
# note: "action" works in every [[match]] block. The default value is "resolve".
# "block" or "nxdomain" means return DNS NXDOMAIN.
# "refuse" means return DNS REFUSE.
# "drop" means packet getting dropped.
action = "block"
# example: resolve certain domain using other servers
[[match]]
domains = [
"music.126.net",
"music.126.net.gccdn.net",
"music.126.net.usgcac.cdnetworks.net",
"music.126.net.wscdns.com",
"music.163.com",
"netease.ugcvideoss.ourdvs.com",
]
upstreams = [
"223.5.5.5:53",
"223.6.6.6:53",
]
# example: get a China-mainland-specific domain list from https://github.com/felixonmars/dnsmasq-china-list
# so we can get CDN acceleration
[[match]]
provider = "dnsmasq-china-list"
upstreams = [
"223.5.5.5:53",
"223.6.6.6:53",
]
# example: forward certain domain to its domain controllers in an Active Directory setup
# Note: we can only get DCs from DNS information, so here we assume every DC have DNS roles installed
# If you have an explicit list of DNS server IPs, use the example above
[[match]]
provider = "ActiveDirectory"
primary_domain = "corp.contoso.com"
# Alternative UPNs and rDNSs, if needed
domains = [
"corp.contoso2.com",
"corp.contoso3.com",
]
# set explicit bootstrap servers for querying DCs
# they will be tried one by one before trying system DNS server
bootstrap_servers = [
"192.168.1.1:53"
]
# example: a minimal Active Directory setup
[[match]]
provider = "ActiveDirectory"
primary_domain = "corp.contoso.com"
# example: if we cannot resolve that domain, it will be ignored by default with "quit_on_error" = false
[[match]]
provider = "ActiveDirectory"
primary_domain = "non-existent-domain.example.com"
bootstrap_server = "198.51.100.1:53"