forked from folbricht/routedns
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathblocklist-resolver.toml
47 lines (41 loc) · 1.64 KB
/
blocklist-resolver.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Simple configuration for "blocklist-v2" that uses alternative resolvers for
# queries that match the allowlist or blocklist. The default behavior is to
# return NXDOMAIN for any item that matches the blocklist but not the allowlist.
# With resolvers, it's possible to send queries to different resolvers based
# on them matching the allowlist or blocklist, similar to a router. This is
# useful when the blocklist should return something other than NXDOMAIN, the
# query can be routed to a statis-responder instead, providing more control
# over what is returned.
[resolvers.cloudflare-dot]
address = "1.1.1.1:853"
protocol = "dot"
[resolvers.google-dot]
address = "8.8.8.8:853"
protocol = "dot"
# Returns servfail for every query routed here by the blocklist
[groups.static-servfail]
type = "static-responder"
rcode = 2 # Response code: 0 = NOERROR, 1 = FORMERR, 2 = SERVFAIL, 3 = NXDOMAIN, ...
[groups.cloudflare-blocklist]
type = "blocklist-v2"
resolvers = ["cloudflare-dot"] # Default upstream resolver for anything not matching either list
blocklist-resolver = "static-servfail" # Resolver used for anything matching the blocklist (and not on the allowlist)
blocklist-format = "domain"
blocklist = [
'evil.com',
'.facebook.com',
'*.twitter.com',
]
allowlist-resolver = "cloudflare-dot" # Resolver for anything on the allowlist
allowlist-format = "domain"
allowlist = [ # Allowlist items override/bypass blocklist items
'allowed.facebook.com',
]
[listeners.local-udp]
address = ":53"
protocol = "udp"
resolver = "cloudflare-blocklist"
[listeners.local-tcp]
address = ":53"
protocol = "tcp"
resolver = "cloudflare-blocklist"