scottk/homelab
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/homelab.git synced 2025-11-02 19:08:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(dns): tweak dns settingss after update

Browse Source
This commit is contained in:
Vegard Hagen
2024-12-05 22:09:59 +01:00
parent e48986a5a2
commit eb74b5baff
3 changed files with 33 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
k8s/infra/network/dns/adguard/config/AdGuardHome.yaml
View File

@@ -14,22 +14,20 @@ dns:
- 0.0.0.0 - 0.0.0.0
port: 53 port: 53
anonymize_client_ip: false anonymize_client_ip: false
ratelimit: 20 ratelimit: 500
ratelimit_subnet_len_ipv4: 24 ratelimit_subnet_len_ipv4: 24
ratelimit_subnet_len_ipv6: 56 ratelimit_subnet_len_ipv6: 56
ratelimit_whitelist: [ ] ratelimit_whitelist: [ ]
refuse_any: true refuse_any: true
upstream_dns: upstream_dns:
- 10.96.0.11 - 10.96.0.11
- udp://unbound.dns.svc.cluster.local:53
- tcp://unbound.dns.svc.cluster.local:53
upstream_dns_file: "" upstream_dns_file: ""
bootstrap_dns: bootstrap_dns:
- 10.96.0.10 - 10.96.0.11
fallback_dns: fallback_dns:
- 1.1.1.1 - 1.1.1.1
- 9.9.9.9 - 9.9.9.9
upstream_mode: fastest_addr upstream_mode: parallel
fastest_timeout: 1s fastest_timeout: 1s
allowed_clients: [ ] allowed_clients: [ ]
disallowed_clients: [ ] disallowed_clients: [ ]
@@ -105,6 +103,7 @@ filters:
whitelist_filters: [ ] whitelist_filters: [ ]
user_rules: user_rules:
- '@@||sdk.iad-01.braze.com^$important' # Payments? - '@@||sdk.iad-01.braze.com^$important' # Payments?
- '@@||www.merchant-center-analytics.goog^$important'
dhcp: dhcp:
enabled: false enabled: false
interface_name: "" interface_name: ""

25
k8s/infra/network/dns/unbound/config/unbound.conf
View File

@@ -23,7 +23,7 @@ server:
log-replies: no log-replies: no
log-servfail: yes log-servfail: yes
#logfile: /opt/unbound/etc/unbound/unbound.log logfile: /opt/unbound/etc/unbound/unbound.log
verbosity: 2 verbosity: 2
infra-cache-slabs: 4 infra-cache-slabs: 4
@@ -50,7 +50,7 @@ server:
so-reuseport: yes so-reuseport: yes
aggressive-nsec: yes #aggressive-nsec: yes
delay-close: 10000 delay-close: 10000
@@ -60,7 +60,7 @@ server:
neg-cache-size: 4M neg-cache-size: 4M
qname-minimisation: yes #qname-minimisation: yes
access-control: 127.0.0.1/32 allow access-control: 127.0.0.1/32 allow
access-control: 192.168.0.0/16 allow access-control: 192.168.0.0/16 allow
@@ -108,6 +108,25 @@ server:
val-clean-additional: yes val-clean-additional: yes
# Limit on upstream queries for an incoming query and its recursion.
max-global-quota: 1000
# https://github.com/NLnetLabs/unbound/issues/362
qname-minimisation: no
aggressive-nsec: no
infra-keep-probing: yes
infra-cache-min-rtt: 1000
infra-cache-max-rtt: 2000
infra-host-ttl: 10
outbound-msg-retry: 128
max-sent-count: 256
udp-connect: no
#ede: yes
include: /opt/unbound/etc/unbound/a-records.conf include: /opt/unbound/etc/unbound/a-records.conf
include: /opt/unbound/etc/unbound/srv-records.conf include: /opt/unbound/etc/unbound/srv-records.conf

14
k8s/infra/network/dns/unbound/deployment.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet kind: Deployment
metadata: metadata:
name: unbound name: unbound
namespace: dns namespace: dns
@@ -12,15 +12,15 @@ spec:
labels: labels:
app: unbound app: unbound
spec: spec:
securityContext: #securityContext:
seccompProfile: # seccompProfile:
type: RuntimeDefault # type: RuntimeDefault
containers: containers:
- name: unbound - name: unbound
image: docker.io/mvance/unbound:1.22.0 # renovate: docker=docker.io/mvance/unbound image: docker.io/mvance/unbound:1.22.0 # renovate: docker=docker.io/mvance/unbound
securityContext: #securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
readOnlyRootFilesystem: false # readOnlyRootFilesystem: false
ports: ports:
- name: unbound-dns-tcp - name: unbound-dns-tcp
containerPort: 5335 containerPort: 5335