local dbr = dynBlockRulesGroup() dbr:setQueryRate(30, 10, "Exceeded query rate", 60) dbr:setRCodeRate(DNSRCode.NXDOMAIN, 20, 10, "Exceeded NXD rate", 60) dbr:setRCodeRate(DNSRCode.SERVFAIL, 20, 10, "Exceeded ServFail rate", 60) dbr:setQTypeRate(DNSQType.ANY, 5, 10, "Exceeded ANY rate", 60) dbr:setResponseByteRate(10000, 10, "Exceeded resp BW rate", 60) function maintenance() dbr:apply() end dbr:apply() addAction(RegexRule(".*nonexistentdomain.*"), DropAction()) addAction(AndRule{MaxQPSIPRule(5), TCPRule(false)}, TCAction()) newServer({address="127.0.0.1:5353", name="HSD"}) addLocal('0.0.0.0:53', {reusePort=true}) addLocal('[::]:53', {reusePort=true}) addDOHLocal("127.0.0.1:8053", nil, nil, {"/", "/dns-query"}, { reusePort=true }) addTLSLocal('0.0.0.0', '/etc/letsencrypt/live/hnsdoh.com/fullchain.pem', '/etc/letsencrypt/live/hnsdoh.com/privkey.pem', { reusePort=true }) addTLSLocal('[::]', '/etc/letsencrypt/live/hnsdoh.com/fullchain.pem', '/etc/letsencrypt/live/hnsdoh.com/privkey.pem', { reusePort=true }) addACL('0.0.0.0/0') addACL('[::]/0') map = { newDOHResponseMapEntry("^/$", 307, "https://welcome.hnsdoh.com") } dohFE = getDOHFrontend(0) dohFE:setResponsesMap(map) setKey("csl2icaGACsP3+M9tx55c8+dBxVCnlnqAHEC92P55eo=") controlSocket('127.0.0.1:5199')