-
Notifications
You must be signed in to change notification settings - Fork 3
/
dnsdist.conf
64 lines (55 loc) · 2.51 KB
/
dnsdist.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
-- view "_default"
newServer({address="127.0.0.1:40000", pool="auth__default"})
newServer({address="127.0.0.1:40001", pool="resolver__default"})
pc = newPacketCache(100000)
getPool("resolver__default"):setCache(pc)
match_clients__default = newNMG()
match_clients__default:addMask("0.0.0.0/0")
match_clients__default:addMask("::0/0")
match_destinations__default = newNMG()
match_destinations__default:addMask("0.0.0.0/0")
match_destinations__default:addMask("::0/0")
allow_query__default = newNMG()
allow_query__default:addMask("0.0.0.0/0")
allow_query__default:addMask("::0/0")
allow_recursion__default = newNMG()
allow_recursion__default:addMask("10.0.0.0/8")
allow_recursion__default:addMask("192.168.0.0/16")
allow_recursion__default:addMask("192.0.2.1")
allow_recursion__default:addMask("127.0.0.1")
allow_recursion__default:addMask("2001:8db::/32")
allow_recursion__default:addMask("::1")
allow_recursion__default:addMask("2001:8db:1:3:1:2:3:4")
authdomains__default = newSuffixMatchNode()
allow_transfer__default = {}
authdomains__default:add(newDNSName("example.com."))
allow_transfer__default["example.com."] = newNMG()
allow_transfer__default["example.com."]:addMask("10.0.0.0/8")
allow_transfer__default["example.com."]:addMask("192.168.0.0/16")
allow_transfer__default["example.com."]:addMask("192.0.2.1")
allow_transfer__default["example.com."]:addMask("127.0.0.1")
authdomains__default:add(newDNSName("example.jp."))
allow_transfer__default["example.jp."] = newNMG()
function xfr_query__default(dq)
if(dq.qtype == dnsdist.AXFR or dq.qtype == dnsdist.IXFR)
then
a = allow_transfer__default[string.lower(dq.qname:toString())]
if(match_clients__default:match(dq.remoteaddr) and a:match(dq.remoteaddr))
then
return DNSAction.Pool, "auth__default"
end
end
return DNSAction.None, ""
end
addAction(AndRule({NotRule(NetmaskGroupRule(allow_query__default))}), RCodeAction(5))
addAction(AndRule({NotRule(QTypeRule(dnsdist.AXFR)), NotRule(QTypeRule(dnsdist.IXFR)), SuffixMatchNodeRule(authdomains__default)}), PoolAction("auth__default"))
addAction(AndRule({NotRule(QTypeRule(dnsdist.AXFR)), NotRule(QTypeRule(dnsdist.IXFR)), NetmaskGroupRule(allow_recursion__default)}), PoolAction("resolver__default"))
addLuaAction(".", xfr_query__default)
addAction(NetmaskGroupRule(match_clients__default), RCodeAction(5))
addAction(AllRule(), RCodeAction(5))
setACL({})
addACL("0.0.0.0/0")
addACL("::0/0")
controlSocket("127.0.0.1")
addLocal("0.0.0.0:53")
addLocal("[::]:53")