surtur
51cb74c853
* add instructions on how to use the resolvers * additionally, configure better caching on CoreDNS * tweak the main domain used * reorganise the README a bit
57 lines
759 B
Plaintext
57 lines
759 B
Plaintext
tls://.:853 {
|
|
reload
|
|
|
|
# certs need to be either copied or mounted here.
|
|
tls /var/lib/coredns/certs/fullchain.pem /var/lib/coredns/certs/privkey.pem {
|
|
client_auth verify_if_given
|
|
}
|
|
|
|
# local dnscrypt-proxy.
|
|
forward . 127.0.0.50:53 ::1 {
|
|
health_check 5s
|
|
expire 600s
|
|
policy sequential
|
|
}
|
|
|
|
cache {
|
|
success 4096
|
|
denial 2048
|
|
prefetch 512
|
|
keepttl
|
|
}
|
|
|
|
whoami
|
|
health
|
|
errors
|
|
# log
|
|
}
|
|
|
|
https://.:4053 {
|
|
reload
|
|
|
|
tls /var/lib/coredns/certs/fullchain.pem /var/lib/coredns/certs/privkey.pem {
|
|
client_auth verify_if_given
|
|
}
|
|
|
|
loadbalance
|
|
forward . 127.0.0.50:53 ::1 {
|
|
health_check 7s
|
|
expire 600s
|
|
policy sequential
|
|
}
|
|
|
|
cache {
|
|
success 4096
|
|
denial 2048
|
|
prefetch 512
|
|
keepttl
|
|
}
|
|
|
|
whoami
|
|
health
|
|
errors
|
|
# log
|
|
}
|
|
|
|
# vim: noexpandtab
|