2024-08-02 04:27:30 +00:00
|
|
|
# Config version, config and build versions can be different.
|
|
|
|
version = "1.3.3"
|
|
|
|
|
|
|
|
# Sets the sdns working directory. The directory must have write access for sdns's user.
|
|
|
|
directory = "/var/lib/sdns"
|
|
|
|
|
|
|
|
# Address to bind to for the DNS server.
|
2024-08-03 19:05:31 +00:00
|
|
|
bind = ":1053"
|
2024-08-02 04:27:30 +00:00
|
|
|
|
|
|
|
# Address to bind to for the DNS-over-TLS server.
|
|
|
|
# bindtls = ":853"
|
|
|
|
|
|
|
|
# Address to bind to for the DNS-over-HTTPS server.
|
|
|
|
# binddoh = ":443"
|
|
|
|
|
|
|
|
# Address to bind to for the DNS-over-QUIC server.
|
|
|
|
# binddoq = ":853"
|
|
|
|
|
|
|
|
# TLS certificate file.
|
|
|
|
# tlscertificate = "server.crt"
|
|
|
|
|
|
|
|
# TLS private key file.
|
|
|
|
# tlsprivatekey = "server.key"
|
|
|
|
|
|
|
|
# Outbound IPv4 addresses, if you set multiple, sdns can use a random outbound IPv4 address by request based.
|
|
|
|
outboundips = [
|
|
|
|
]
|
|
|
|
|
|
|
|
# Outbound IPv6 addresses, if you set multiple, sdns can use a random outbound IPv6 address by request based.
|
|
|
|
outboundip6s = [
|
|
|
|
]
|
|
|
|
|
|
|
|
# Root zone IPv4 servers
|
|
|
|
rootservers = [
|
|
|
|
"198.41.0.4:53",
|
|
|
|
"199.9.14.201:53",
|
|
|
|
"192.33.4.12:53",
|
|
|
|
"199.7.91.13:53",
|
|
|
|
"192.203.230.10:53",
|
|
|
|
"192.5.5.241:53",
|
|
|
|
"192.112.36.4:53",
|
|
|
|
"198.97.190.53:53",
|
|
|
|
"192.36.148.17:53",
|
|
|
|
"192.58.128.30:53",
|
|
|
|
"193.0.14.129:53",
|
|
|
|
"199.7.83.42:53",
|
|
|
|
"202.12.27.33:53"
|
|
|
|
]
|
|
|
|
|
|
|
|
# Root zone IPv6 servers
|
|
|
|
root6servers = [
|
|
|
|
"[2001:503:ba3e::2:30]:53",
|
|
|
|
"[2001:500:200::b]:53",
|
|
|
|
"[2001:500:2::c]:53",
|
|
|
|
"[2001:500:2d::d]:53",
|
|
|
|
"[2001:500:a8::e]:53",
|
|
|
|
"[2001:500:2f::f]:53",
|
|
|
|
"[2001:500:12::d0d]:53",
|
|
|
|
"[2001:500:1::53]:53",
|
|
|
|
"[2001:7fe::53]:53",
|
|
|
|
"[2001:503:c27::2:30]:53",
|
|
|
|
"[2001:7fd::1]:53",
|
|
|
|
"[2001:500:9f::42]:53",
|
|
|
|
"[2001:dc3::35]:53"
|
|
|
|
]
|
|
|
|
|
|
|
|
# Trusted anchors for DNSSEC
|
|
|
|
rootkeys = [
|
|
|
|
". 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="
|
|
|
|
]
|
|
|
|
|
|
|
|
# Failover resolver IPv4 or IPv6 addresses with port, left blank for disabled.
|
|
|
|
# fallbackservers = [
|
|
|
|
# "8.8.8.8:53",
|
|
|
|
# "[2001:4860:4860::8888]:53"
|
|
|
|
# ]
|
|
|
|
fallbackservers = [
|
|
|
|
]
|
|
|
|
|
|
|
|
# Forwarder resolver IPv4 or IPv6 addresses with port, left blank for disabled.
|
|
|
|
# forwarderservers = [
|
|
|
|
# "8.8.8.8:53",
|
|
|
|
# "[2001:4860:4860::8888]:53",
|
|
|
|
# "tls://8.8.8.8:853"
|
|
|
|
# ]
|
|
|
|
forwarderservers = [
|
|
|
|
]
|
|
|
|
|
|
|
|
# Address to bind to for the HTTP API server, left blank for disabled.
|
|
|
|
api = "127.0.0.1:8053"
|
|
|
|
|
|
|
|
# What kind of information should be logged, Log verbosity level [crit, error, warn, info, debug].
|
|
|
|
loglevel = "info"
|
|
|
|
|
|
|
|
# The location of the access log file, left blank for disabled. SDNS uses Common Log Format by default.
|
|
|
|
# accesslog = ""
|
|
|
|
|
|
|
|
# List of remote blocklists address list. All lists will be downloaded to the blocklist folder.
|
|
|
|
# blocklists = [
|
|
|
|
# "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
|
|
|
|
# "http://sysctl.org/cameleon/hosts",
|
|
|
|
# "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
|
|
|
|
# "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
|
|
|
|
# ]
|
|
|
|
blocklists = [
|
|
|
|
]
|
|
|
|
|
|
|
|
# [DEPRECATED] This will be ignored. The directory will be created under the working directory automatically.
|
|
|
|
blocklistdir = ""
|
|
|
|
|
|
|
|
# IPv4 address to forward blocked queries to.
|
|
|
|
nullroute = "0.0.0.0"
|
|
|
|
|
|
|
|
# IPv6 address to forward blocked queries to.
|
|
|
|
nullroutev6 = "::0"
|
|
|
|
|
|
|
|
# Which clients are allowed to make queries.
|
|
|
|
accesslist = [
|
|
|
|
"0.0.0.0/0",
|
|
|
|
"::0/0"
|
|
|
|
]
|
|
|
|
|
|
|
|
# Enables serving zone data from a hosts file, left blank for disabled.
|
|
|
|
# The form of the entries in the /etc/hosts file is based on IETF RFC 952, which was updated by IETF RFC 1123.
|
|
|
|
hostsfile = "/etc/hosts"
|
|
|
|
|
|
|
|
# Specifies the network timeout duration for each DNS lookup.
|
|
|
|
timeout = "2s"
|
|
|
|
|
|
|
|
# Defines the maximum duration to wait for each DNS query to respond.
|
|
|
|
querytimeout = "10s"
|
|
|
|
|
|
|
|
# Default error cache TTL in seconds.
|
|
|
|
expire = 600
|
|
|
|
|
|
|
|
# Cache size (total records in cache).
|
|
|
|
cachesize = 256000
|
|
|
|
|
|
|
|
# Cache prefetch before expire. The default threshold is 10%, 0 for disabled.
|
|
|
|
# The threshold percent should be between 10% ~ 90%.
|
|
|
|
prefetch = 10
|
|
|
|
|
|
|
|
# Maximum iteration depth for a query.
|
|
|
|
maxdepth = 30
|
|
|
|
|
|
|
|
# Query-based ratelimit per second, 0 for disabled.
|
|
|
|
ratelimit = 0
|
|
|
|
|
|
|
|
# Client IP address-based ratelimit per minute, 0 for disabled.
|
|
|
|
clientratelimit = 0
|
|
|
|
|
|
|
|
# Manual blocklist entries.
|
|
|
|
# blocklist = [
|
|
|
|
# "example.com",
|
|
|
|
# "example.net"
|
|
|
|
# ]
|
|
|
|
blocklist = [
|
|
|
|
]
|
|
|
|
|
|
|
|
# Whitelist entries.
|
|
|
|
# whitelist = [
|
|
|
|
# "example.com",
|
|
|
|
# "example.net"
|
|
|
|
# ]
|
|
|
|
whitelist = [
|
|
|
|
]
|
|
|
|
|
|
|
|
# DNS server identifier (RFC 5001), it's useful while operating multiple sdns. Left blank for disabled.
|
|
|
|
nsid = ""
|
|
|
|
|
|
|
|
# Enable to answer version.server, version.bind, hostname.bind, id.server chaos queries.
|
|
|
|
chaos = true
|
|
|
|
|
|
|
|
# Qname minimization level. If higher, it can be more complex and impact the response performance.
|
|
|
|
# If set to 0, qname minimization will be disabled.
|
|
|
|
qname_min_level = 5
|
|
|
|
|
|
|
|
# Empty zones return an answer for RFC 1918 zones. Please see http://as112.net/
|
|
|
|
# for details of the problems you are causing and the countermeasures that have had to be deployed.
|
|
|
|
# If the list is empty, SDNS will use default zones described at RFC.
|
|
|
|
# emptyzones = [
|
|
|
|
# "10.in-addr.arpa."
|
|
|
|
# ]
|
|
|
|
emptyzones = [
|
|
|
|
]
|
|
|
|
|
|
|
|
# You can add your own plugins to sdns. The plugin order is very important.
|
|
|
|
# Plugins can be loaded before the cache middleware.
|
|
|
|
# Config keys should be strings, and values can be anything.
|
|
|
|
# There is an example plugin at https://github.com/semihalev/sdnsexampleplugin
|
|
|
|
# [plugins]
|
|
|
|
# [plugins.example]
|
|
|
|
# path = "exampleplugin.so"
|
|
|
|
# config = {key_1 = "value_1", key_2 = 2, key_3 = true}
|