# Config version, config and build versions can be different.
version = "1.3.3"

# Sets the sdns working directory. The directory must have write access for sdns's user.
directory = "/var/lib/sdns"

# Address to bind to for the DNS server.
bind = ":1053"

# Address to bind to for the DNS-over-TLS server.
# bindtls = ":853"

# Address to bind to for the DNS-over-HTTPS server.
# binddoh = ":443"

# Address to bind to for the DNS-over-QUIC server.
# binddoq = ":853"

# TLS certificate file.
# tlscertificate = "server.crt"

# TLS private key file.
# tlsprivatekey = "server.key"

# Outbound IPv4 addresses, if you set multiple, sdns can use a random outbound IPv4 address by request based.
outboundips = [
]

# Outbound IPv6 addresses, if you set multiple, sdns can use a random outbound IPv6 address by request based.
outboundip6s = [
]

# Root zone IPv4 servers
rootservers = [
    "198.41.0.4:53",
    "199.9.14.201:53",
    "192.33.4.12:53",
    "199.7.91.13:53",
    "192.203.230.10:53",
    "192.5.5.241:53",
    "192.112.36.4:53",
    "198.97.190.53:53",
    "192.36.148.17:53",
    "192.58.128.30:53",
    "193.0.14.129:53",
    "199.7.83.42:53",
    "202.12.27.33:53"
]

# Root zone IPv6 servers
root6servers = [
    "[2001:503:ba3e::2:30]:53",
    "[2001:500:200::b]:53",
    "[2001:500:2::c]:53",
    "[2001:500:2d::d]:53",
    "[2001:500:a8::e]:53",
    "[2001:500:2f::f]:53",
    "[2001:500:12::d0d]:53",
    "[2001:500:1::53]:53",
    "[2001:7fe::53]:53",
    "[2001:503:c27::2:30]:53",
    "[2001:7fd::1]:53",
    "[2001:500:9f::42]:53",
    "[2001:dc3::35]:53"
]

# Trusted anchors for DNSSEC
rootkeys = [
    ".			172800	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="
]

# Failover resolver IPv4 or IPv6 addresses with port, left blank for disabled.
# fallbackservers = [
#   "8.8.8.8:53",
#   "[2001:4860:4860::8888]:53"
# ]
fallbackservers = [
]

# Forwarder resolver IPv4 or IPv6 addresses with port, left blank for disabled.
# forwarderservers = [
#   "8.8.8.8:53",
#   "[2001:4860:4860::8888]:53",
#   "tls://8.8.8.8:853"
# ]
forwarderservers = [
]

# Address to bind to for the HTTP API server, left blank for disabled.
api = "127.0.0.1:8053"

# What kind of information should be logged, Log verbosity level [crit, error, warn, info, debug].
loglevel = "info"

# The location of the access log file, left blank for disabled. SDNS uses Common Log Format by default.
# accesslog = ""

# List of remote blocklists address list. All lists will be downloaded to the blocklist folder.
# blocklists = [
#    "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
#    "http://sysctl.org/cameleon/hosts",
#    "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
#    "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
# ]
blocklists = [
]

# [DEPRECATED] This will be ignored. The directory will be created under the working directory automatically.
blocklistdir = ""

# IPv4 address to forward blocked queries to.
nullroute = "0.0.0.0"

# IPv6 address to forward blocked queries to.
nullroutev6 = "::0"

# Which clients are allowed to make queries.
accesslist = [
    "0.0.0.0/0",
    "::0/0"
]

# Enables serving zone data from a hosts file, left blank for disabled.
# The form of the entries in the /etc/hosts file is based on IETF RFC 952, which was updated by IETF RFC 1123.
hostsfile = "/etc/hosts"

# Specifies the network timeout duration for each DNS lookup.
timeout = "2s"

# Defines the maximum duration to wait for each DNS query to respond.
querytimeout = "10s"

# Default error cache TTL in seconds.
expire = 600

# Cache size (total records in cache).
cachesize = 256000

# Cache prefetch before expire. The default threshold is 10%, 0 for disabled.
# The threshold percent should be between 10% ~ 90%.
prefetch = 10

# Maximum iteration depth for a query.
maxdepth = 30

# Query-based ratelimit per second, 0 for disabled.
ratelimit = 0

# Client IP address-based ratelimit per minute, 0 for disabled.
clientratelimit = 0

# Manual blocklist entries.
# blocklist = [
#   "example.com",
#   "example.net"
# ]
blocklist = [
]

# Whitelist entries.
# whitelist = [
#   "example.com",
#   "example.net"
# ]
whitelist = [
]

# DNS server identifier (RFC 5001), it's useful while operating multiple sdns. Left blank for disabled.
nsid = ""

# Enable to answer version.server, version.bind, hostname.bind, id.server chaos queries.
chaos = true

# Qname minimization level. If higher, it can be more complex and impact the response performance.
# If set to 0, qname minimization will be disabled.
qname_min_level = 5

# Empty zones return an answer for RFC 1918 zones. Please see http://as112.net/
# for details of the problems you are causing and the countermeasures that have had to be deployed.
# If the list is empty, SDNS will use default zones described at RFC.
# emptyzones = [
#   "10.in-addr.arpa."
# ]
emptyzones = [
]

# You can add your own plugins to sdns. The plugin order is very important.
# Plugins can be loaded before the cache middleware.
# Config keys should be strings, and values can be anything.
# There is an example plugin at https://github.com/semihalev/sdnsexampleplugin
# [plugins]
#     [plugins.example]
#     path = "exampleplugin.so"
#     config = {key_1 = "value_1", key_2 = 2, key_3 = true}