- -- root@two-pihole:~# cat /etc/knot-resolver/kresd.conf
- -- SPDX-License-Identifier: CC0-1.0
- -- vim:syntax=lua:set ts=4 sw=4:
- -- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/
- -- Network interface configuration: plain DNS on one loopback address only, so the resolver is not reachable from other hosts
- net.listen('127.53.53.4', 5304, { kind = 'dns' })
- -- net.listen('127.53.53.4', 853, { kind = 'tls' })
- -- net.listen('::1', 5304, { kind = 'dns', freebind = true })
- -- net.listen('::1', 853, { kind = 'tls', freebind = true })
- -- Enable optional modules ('a < b' asks for module a to be loaded ahead of module b)
- modules = {
- 'policy',
- 'view',
- 'hints',
- 'serve_stale < cache',
- 'workarounds < iterate',
- 'stats',
- 'predict'
- }
- -- Accept all requests from these subnets (these rules must stay above the catch-all DROP below)
- view:addr('127.0.0.0/8', function (req, qry) return policy.PASS end)
- view:addr('[::1]/128', function (req, qry) return policy.PASS end) -- NOTE(review): bracketed IPv6 subnet; confirm kresd accepts this form rather than '::1/128'
- -- Drop everything that hasn't matched (IPv4 only: '0.0.0.0/0' does not cover IPv6, so add a matching '::/0' DROP rule if an IPv6 listener is ever enabled)
- view:addr('0.0.0.0/0', function (req, qry) return policy.DROP end)
- -- Forward all queries to Cloudflare over TLS; hostname and ca_file make kresd authenticate each upstream's certificate
- policy.add(policy.all(policy.TLS_FORWARD({
- { '1.1.1.1', hostname='cloudflare-dns.com', ca_file='/etc/ssl/certs/ca-certificates.crt' },
- { '1.0.0.1', hostname='cloudflare-dns.com', ca_file='/etc/ssl/certs/ca-certificates.crt' },
- })))
- -- Forward queries encrypted to Quad9 over TLS
- -- policy.add(policy.all(policy.TLS_FORWARD({
- -- { '9.9.9.9', hostname='dns.quad9.net', ca_file='/etc/ssl/certs/ca-certificates.crt' },
- --
- -- })))
- -- Prefetch learning (15-minute windows; period = 72 windows covers 18 hours, a full 24 hours would need period = 96)
- predict.config({ window = 15, period = 72 })
- -- Cache size
- cache.size = 250 * MB
- -- DNSSEC trust anchor file (left commented out; NOTE(review): validation then relies on kresd's default trust anchors, confirm it is still active)
- -- trust_anchors.file = '/etc/knot-resolver/root.keys'
- -- Drop root privileges (left commented out; NOTE(review): confirm the service manager already starts kresd as an unprivileged user)
- -- user("knot-resolver", "knot-resolver")