ageng/blahdns
1
0
Fork 0
mirror of https://github.com/ookangzheng/blahdns.git synced 2025-12-15 13:45:37 +07:00
Code Issues Projects Releases Wiki Activity
Files
a9fadc5d00b9ce478933997b8a250a97dbef6dc1
blahdns/server-conf/dnsdist.conf
ookangzheng a9fadc5d00 Re init git
2019-08-04 00:25:17 +08:00

53 lines
2.4 KiB
Plaintext
Executable File
Raw Blame History

-- When an IPv6 IP:PORT combination is needed, the bracketed syntax from RFC 3986 should be used. e.g. “[2001:DB8:14::C0FF:FEE]:5300”
-- https://dnsdist.org/reference/config.html?highlight=servfail
--addTLSLocal('0.0.0.0', '/etc/letsencrypt/live/dns.jp.blahdns.com/fullchain.pem', '/etc/letsencrypt/live/dns.jp.blahdns.com/privkey.pem', { doTCP=true, reusePort=true })
--addTLSLocal("[::]", '/etc/letsencrypt/live/dns.jp.blahdns.com/fullchain.pem', '/etc/letsencrypt/live/dns.jp.blahdns.com/privkey.pem', { doTCP=true, reusePort=true})
addDNSCryptBind("0.0.0.0:8443", "2.dnscrypt-cert.blahdns.com", "/etc/dnsdist/ssl.cert", "/etc/dnsdist/ssl.key")
addDNSCryptBind("[::]:8443", "2.dnscrypt-cert.blahdns.com", "/etc/dnsdist/ssl.cert", "/etc/dnsdist/ssl.key")
addLocal('0.0.0.0:53', { doTCP=true, reusePort=true})
addLocal('[::]:53', { doTCP=true, reusePort=true})
addAction(MaxQPSIPRule(10, 32, 48), DropAction())
addAction(QTypeRule(dnsdist.ANY) ,DropAction())
addAction(QTypeRule(dnsdist.PTR) ,DropAction())
-- Force TCP
addAction(AndRule({NotRule(OrRule({QTypeRule(dnsdist.TXT), QTypeRule(dnsdist.A), QTypeRule(dnsdist.AAAA)})),TCPRule(false)}), TCAction())
setACL({'0.0.0.0/0', '::/0' })
-- https://dnsdist.org/reference/constants.html#dnsaction
-- https://dnsdist.org/rules-actions.html#addLuaAction
-- https://stackoverflow.com/questions/11271547/does-lua-have-or-comparisons
local dbr = dynBlockRulesGroup()
dbr:setQTypeRate(dnsdist.PTR, 5, 10, "Exceeded PTR rate", 60)
dbr:setQTypeRate(dnsdist.TXT, 5, 10, "Exceeded TXT rate", 60)
dbr:setQTypeRate(dnsdist.SOA, 5, 10, "Exceeded SOA rate", 60)
dbr:setQTypeRate(dnsdist.MX, 3, 10, "Exceeded MX rate", 60)
dbr:setQTypeRate(dnsdist.SRV, 3, 10, "Exceeded SRV rate", 60)
dbr:setQTypeRate(dnsdist.NS, 3, 10, "Exceeded PTR rate", 60)
dbr:setQTypeRate(dnsdist.SIG, 3, 10, "Exceeded PTR rate", 60)
function maintenance()
dbr:apply()
end
newServer({address="127.0.0.1:50", checkType="A", checkType=DNSClass.CHAOS, checkName="google.com", mustResolve=false})
newServer({address="[::1]:50", checkType="AAAA", checkType=DNSClass.CHAOS, checkName="google.com", mustResolve=false})
newServer({address="[::1]:51", checkType="AAAA", checkType=DNSClass.CHAOS, checkName="google.com", mustResolve=false})
-- function luarule(dq)
-- if(dq.qtype==dnsdist.ANY)
-- then
-- return DNSAction.ServFail
-- else
-- return DNSAction.None
-- end
-- end
-- addLuaAction(AllRule(), luarule)
Reference in New Issue View Git Blame Copy Permalink