hac/ansible/roles/knot_resolver/templates/kresd.conf.j2

-- Knot Resolver (kresd) configuration, rendered from a Jinja2 template.
-- Listen for plain DNS (kind = 'dns') on port 53 of the templated resolver_ip.
net.listen('{{resolver_ip}}', 53, { kind = 'dns'})
-- Cache size is set to 128 MB.
cache.size = 128 * MB
modules = {
'hints > iterate', -- Allow loading /etc/hosts or custom root hints
'predict', -- Prefetch expiring/frequent records
}
-- Prefill the cache with the root zone ('.') downloaded from the URL below.
-- NOTE(review): the download is only as trustworthy as the TLS verification
-- behind it; confirm which CA bundle kresd uses on the target host.
modules.load('prefill')
prefill.config({
['.'] = {
url = 'https://www.internic.net/domain/root.zone',
interval = 86400, -- seconds (24 hours)
}
})
-- Client access control by source address. Loopback is allowed first, then
-- the templated prefixes, and the catch-all DROP rules come last.
-- NOTE(review): this layout relies on rules being applied in declaration
-- order; keep the 0.0.0.0/0 and ::/0 DROP entries at the end.
modules.load('view')
view:addr('127.0.0.0/8', policy.all(policy.PASS))
view:addr('::1/128', policy.all(policy.PASS))
-- One PASS rule per prefix in the kresd_allow variable.
-- NOTE(review): an over-broad prefix here (for example a default route)
-- would make this an open resolver; keep the list to networks you operate.
{% for prefix in kresd_allow %}
view:addr('{{ prefix }}', policy.all(policy.PASS))
{% endfor %}
-- Default deny: queries from any other IPv4 or IPv6 source are dropped.
view:addr('0.0.0.0/0', policy.all(policy.DROP))
view:addr('::/0', policy.all(policy.DROP))
-- Per-zone forwarding: for each entry in the 'forward' variable, queries for
-- names under zones.zone are forwarded to zones.address, and zones.ds is
-- added as a trust anchor.
-- NOTE(review): policy.FORWARD sends queries to the upstream unencrypted;
-- if the path to zones.address is not trusted, consider policy.TLS_FORWARD.
-- NOTE(review): values are interpolated into Lua string literals unescaped,
-- so a missing or malformed zones.ds or zones.zone yields a broken config;
-- validate these in the inventory or role defaults.
{% for zones in forward %}
policy.add(policy.suffix(policy.FORWARD('{{ zones.address }}'), {todname('{{ zones.zone }}')}))
trust_anchors.add('{{ zones.ds }}')
{% endfor %}
-- Send log output to stdout.
-- NOTE(review): presumably collected by the service manager or container
-- runtime; confirm it is retained somewhere useful for incident review.
log_target('stdout')
-- Log at 'info' level.
log_level('info')