Skip to content

Instantly share code, notes, and snippets.

@catap

catap/kresd-config.lua

Created October 28, 2018 08:10
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save catap/3e2ba802b9439de8b2e3bc7a80621f0a to your computer and use it in GitHub Desktop.
Save catap/3e2ba802b9439de8b2e3bc7a80621f0a to your computer and use it in GitHub Desktop.
Download ZIP
An example configuration to random selection between Quad9, Cloudflare and Google DNS-over-TLS for knot-resolver (kresd)
Raw
kresd-config.lua
require 'math'
math.randomseed(os.time())
dns_providers = {
{ -- Quad9
{'9.9.9.9', hostname='dns.quad9.net', ca_file='/usr/local/etc/kresd/DigiCertECCSecureServerCA.pem'},
{'149.112.112.112', hostname='dns.quad9.net', ca_file='/usr/local/etc/kresd/DigiCertECCSecureServerCA.pem'}
},
{ -- Cloudflare
{'1.1.1.1', hostname='cloudflare-dns.com', ca_file='/usr/local/etc/kresd/DigiCertECCSecureServerCA.pem'},
{'1.0.0.1', hostname='cloudflare-dns.com', ca_file='/usr/local/etc/kresd/DigiCertECCSecureServerCA.pem'}
},
{ -- Google
{'8.8.8.8', hostname='dns.google', ca_file='/usr/local/etc/kresd/GlobalSignR2CA.pem'},
{'8.8.4.4', hostname='dns.google', ca_file='/usr/local/etc/kresd/GlobalSignR2CA.pem'}
}
}
policy.add(function (request, query)
return policy.TLS_FORWARD(dns_providers[math.random(1, #dns_providers)])
end)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment