nathanwoodburn/hns_doh_loadbalancer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9299335f985cf741cb427c7b324e60be2a11f9f4
hns_doh_loadbalancer/dnsdist.conf
Nathan Woodburn 9299335f98
All checks were successful
Build Docker / Build_Docker (push) Successful in 1m8s
Details
feat: Add .lan block
2025-06-04 12:07:45 +10:00

37 lines
1.4 KiB
Plaintext
Raw Blame History

local dbr = dynBlockRulesGroup()
dbr:setQueryRate(30, 10, "Exceeded query rate", 60)
dbr:setRCodeRate(DNSRCode.NXDOMAIN, 20, 10, "Exceeded NXD rate", 60)
dbr:setRCodeRate(DNSRCode.SERVFAIL, 20, 10, "Exceeded ServFail rate", 60)
dbr:setQTypeRate(DNSQType.ANY, 5, 10, "Exceeded ANY rate", 60)
dbr:setResponseByteRate(10000, 10, "Exceeded resp BW rate", 60)
function maintenance()
dbr:apply()
end
dbr:apply()
addAction(AndRule{MaxQPSIPRule(5), TCPRule(false)}, TCAction())
-- drop queries to .lan
local sldsToDrop = newSuffixMatchNode()
sldsToDrop:add("lan.")
addAction(SuffixMatchNodeRule(sldsToDrop), DropAction())
newServer({address="127.0.0.1:5353", name="HSD"})
addLocal('0.0.0.0:53', {reusePort=true})
addLocal('[::]:53', {reusePort=true})
addDOHLocal("127.0.0.1:8053", nil, nil, {"/", "/dns-query"}, { reusePort=true, customResponseHeaders={["Access-Control-Allow-Origin"]="*"} })
addTLSLocal('0.0.0.0', '/etc/letsencrypt/live/hnsdoh.com/fullchain.pem', '/etc/letsencrypt/live/hnsdoh.com/privkey.pem', { reusePort=true })
addTLSLocal('[::]', '/etc/letsencrypt/live/hnsdoh.com/fullchain.pem', '/etc/letsencrypt/live/hnsdoh.com/privkey.pem', { reusePort=true })
addACL('0.0.0.0/0')
addACL('[::]/0')
map = { newDOHResponseMapEntry("^/$", 307, "https://welcome.hnsdoh.com") }
dohFE = getDOHFrontend(0)
dohFE:setResponsesMap(map)
setKey("csl2icaGACsP3+M9tx55c8+dBxVCnlnqAHEC92P55eo=")
controlSocket('127.0.0.1:5199')
Reference in New Issue View Git Blame Copy Permalink