Below is a simple dnsdist configuration for a server offering both DoT and DoH.


-- Accept queries from any source address. A public DoT/DoH resolver needs this,
-- but it also leaves the plain port-53 listeners below reachable from the whole
-- internet (open-resolver / reflection abuse). Narrow these ranges if the
-- service is not meant to be public, or remove the port-53 listeners.
addACL('0.0.0.0/0')
addACL('::/0')

-- Plain DNS on port 53 (UDP and TCP), IPv4 and IPv6. Set X (int) to the TCP
-- Fast Open queue size. Not needed for a DoT/DoH-only deployment.
addLocal('0.0.0.0:53',{doTCP=true, reusePort=true, tcpFastOpenSize=X})		-- DNS over port 53, IPv4; X (int) = TCP Fast Open queue size
addLocal('[::]:53',   {doTCP=true, reusePort=true, tcpFastOpenSize=X})		-- DNS over port 53, IPv6; X (int) = TCP Fast Open queue size

-- DoT listeners (IPv4 and IPv6): certificate chain and private key paths plus the
-- listen address; port 853 is used by default. X (int) = TCP Fast Open queue size.
-- The key file must be readable by the dnsdist user only.
addTLSLocal("0.0.0.0", "/Path/fullchain.pem", "/Path/privkey.pem",{ doTCP=true, reusePort=true, tcpFastOpenSize=X }) 		
-- DoT IPv4
addTLSLocal("[::]", "/Path/fullchain.pem", "/Path/privkey.pem",{ doTCP=true, reusePort=true, tcpFastOpenSize=X })			
-- DoT IPv6

-- DoH listener: certificate paths, listen address:port and the URL path that
-- serves DNS queries. X (int) = TCP Fast Open queue size.
addDOHLocal("[::]:443", "/Path/fullchain.pem", "/Path/privkey.pem", "/dns-query", { doTCP=true, reusePort=true, tcpFastOpenSize=X })		
-- DoH, IPv6 wildcard (IPv4-mapped addresses may also be accepted depending on the OS; confirm if IPv4 DoH clients are expected)

-- Per-source-IP rate limit: drop queries from an IP exceeding X (int) queries
-- per second. NOTE(review): if DoH clients arrive through a reverse proxy they
-- share the proxy's IP and will be limited together — confirm the deployment.
addAction(MaxQPSIPRule(X), DropAction())
-- Drop ANY queries arriving over UDP (a common amplification vector). Irrelevant
-- for a DoT/DoH-only server, since those transports are TCP-based.
addAction(AndRule({QTypeRule(dnsdist.ANY), TCPRule(false)}), DropAction())

-- Packet cache with X entries; memory is preallocated for X entries. The
-- positional arguments 86400 and 600 are presumably maxTTL / minTTL in seconds —
-- confirm against the newPacketCache signature of the dnsdist version in use.
pc = newPacketCache(X, 86400, 600)
getPool(""):setCache(pc)			    -- attach the cache to the default pool
setServerPolicy(leastOutstanding)		-- policy used to pick a downstream resolver for each query

-- Downstream recursive resolvers (loopback addresses/ports in this example).
newServer({address="127.0.0.1:1111", name="resolver1"})
newServer({address="127.0.0.1:2222", name="resolver2"})

-- Resource limits. The TCP limits apply to DoT and DoH connections as well.
setMaxUDPOutstanding(65535)			-- cap on outstanding (unanswered) UDP queries towards a backend
setMaxTCPClientThreads(X) 		    -- X (int) = number of TCP client-handling threads
setMaxTCPConnectionDuration(X) 		-- X (int) = maximum lifetime of a client TCP connection, in seconds
setMaxTCPConnectionsPerClient(X)  	-- X (int) = maximum concurrent TCP connections from a single client address; limits connection-exhaustion by one source
setMaxTCPQueriesPerConnection(X)	-- X (int) = maximum queries served on one TCP connection before it is closed. This is per-connection, not per-source-IP like MaxQPSIPRule above.