-
Notifications
You must be signed in to change notification settings - Fork 65
/
Copy pathuse-case-2.toml
60 lines (49 loc) · 1.76 KB
/
use-case-2.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# Example DNS in a corp environment. Everything destined for the company domain
# is sent to the company DNS servers. All other queries are sent securely via
# DNS-over-HTTPS.
# Define the two company DNS servers. Both use plain (insecure) DNS over UDP and
# TCP when a truncated response is received
[resolvers.mycompany-dns-a-udp]
address = "10.0.0.1:53"
protocol = "udp"
# TCP Fallback resolver if UDP responses are truncated
[resolvers.mycompany-dns-a-tcp]
address = "10.0.0.1:53"
protocol = "tcp"
# Try UDP first, if truncated use the alernative TCP one
[groups.mycompany-dns-a]
type = "truncate-retry"
resolvers = ["mycompany-dns-a-udp"]
retry-resolver = "mycompany-dns-a-tcp"
[resolvers.mycompany-dns-b-udp]
address = "10.0.0.2:53"
protocol = "udp"
[resolvers.mycompany-dns-b-tcp]
address = "10.0.0.2:53"
protocol = "tcp"
[groups.mycompany-dns-b]
type = "truncate-retry"
resolvers = ["mycompany-dns-b-udp"]
retry-resolver = "mycompany-dns-b-tcp"
# Define the Cloudflare DNS-over-HTTPS resolver (GET methods) since that is most likely allowed outbound
[resolvers.cloudflare-doh-1-1-1-1-get]
address = "https://1.1.1.1/dns-query{?dns}"
protocol = "doh"
doh = { method = "GET" }
# Since the company DNS servers have a habit of failing, group them to rotate on failure
[groups.mycompany-dns]
resolvers = ["mycompany-dns-a", "mycompany-dns-b"]
type = "fail-rotate"
[routers.router1]
routes = [
{ name = '(^|\.)mycompany\.com\.$', resolver="mycompany-dns" }, # Use company DNS, perhaps through a VPN tunnel
{ resolver="cloudflare-doh-1-1-1-1-get" }, # Everything else can go securely to Cloudflare
]
[listeners.local-udp]
address = "127.0.0.1:53"
protocol = "udp"
resolver = "router1"
[listeners.local-tcp]
address = "127.0.0.1:53"
protocol = "tcp"
resolver = "router1"