-
Notifications
You must be signed in to change notification settings - Fork 1
/
dnsdist.conf
51 lines (45 loc) · 1.56 KB
/
dnsdist.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
function FileExists(file)
local isExist = io.popen(
'[[ -e '.. tostring(file) ..' ]] && { echo "true"; }')
local isIt = isExist:read("*a")
isExist:close()
isIt = string.gsub(isIt, '^%s*(.-)%s*$', '%1')
if isIt == "true" then
return true
end
return false
end
infolog("Listener setup")
setACL('0.0.0.0/0')
setLocal('0.0.0.0')
addDOHLocal('0.0.0.0:80', nil, nil, '/')
infolog("Set defaults")
addAction(AllRule(), LogAction('/dev/stdout', false, false, false))
addAction(QClassRule(DNSClass.CHAOS), DropAction())
addAction(MaxQPSIPRule(100, 32, 48), DelayAction(100))
addAction(MaxQPSIPRule(500, 32, 48), DropAction())
if FileExists("/etc/authdomains.txt") then
infolog("Loading auth domains")
local counter = 0
local auth_domains = newSuffixMatchNode()
for auth_domain in io.lines("/etc/authdomains.txt") do
if counter > 500 then
addAction(SuffixMatchNodeRule(auth_domains), PoolAction("auth"))
auth_domains = newSuffixMatchNode()
counter = 0
end
local domain = newDNSName(auth_domain)
if not auth_domains:check(domain) then
auth_domains:add(domain)
counter = counter + 1
end
end
addAction(SuffixMatchNodeRule(auth_domains), PoolAction("auth"))
end
infolog("Configure cache")
local packet_cache = newPacketCache(100000)
getPool(''):setCache(packet_cache)
webserver("0.0.0.0:8083")
setWebserverConfig({password="SUPERSECRETPWKEY", apiKey="SUPERSECRETAPIKEY", acl="0.0.0.0/0", statsRequireAuthentication=false})
newServer('IP-AUTH')
newServer('IP-REC')