-- dnsdist configuration file, an example can be found in /usr/share/doc/dnsdist

1. -- dnsdist configuration file, an example can be found in /usr/share/doc/dnsdist/examples/
2.  
3. -- disable security status polling via DNS
4. setSecurityPollSuffix("")
5.  
6. setLocal("127.0.0.1:5353")
7.  
8. -- allow query from all IP addresses
9. addACL('0.0.0.0/0')
10.  
11. -- add a DoH resolver listening on port 443 of all interfaces
12. addDOHLocal("127.0.0.1:443", "/etc/letsencrypt/live/nss1.example.com/fullchain.pem", "/etc/letsencrypt/live/nss1.example.com/privkey.pem", { "/" }, { doTCP=true, reusePort=true, tcpFastOpenSize=0 })
13.  
14. -- add a DoH resolver listening on port 443 of all interfaces
15. addDOHLocal("127.0.0.1:443", "/etc/letsencrypt/live/doh.example.com/fullchain.pem", "/etc/letsencrypt/live/doh.example.com/privkey.pem", { "/" }, { doTCP=true, reusePort=true, tcpFastOpenSize=0 })
16.  
17. -- add a DoH resolver listening on port 443 of all interfaces
18. addDOHLocal("127.0.0.1:443", "/etc/letsencrypt/live/dot.example.com/fullchain.pem", "/etc/letsencrypt/live/dot.example.com/privkey.pem", { "/" }, { doTCP=true, reusePort=true, tcpFastOpenSize=0 })
19.  
20. -- downstream resolver
21. newServer({address="127.0.0.1:53",qps=5, name="resolver1"})