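# Unbound configuration for a caching resolver that forwards every query to
# public resolvers over DNS-over-TLS (see the forward-zone clause at the end).
server:
    # Listen on all interfaces (inside container)
    # NOTE(review): with 0.0.0.0 the access-control entries below are the only
    # limit on who may query this resolver.
    interface: 0.0.0.0
    port: 53

    # Allow queries from Docker networks
    # NOTE(review): these entries admit every RFC 1918 range plus loopback,
    # which is wider than the Docker networks the comment refers to. If port 53
    # is published to the host, outside clients may arrive with a bridge
    # gateway source address inside 172.16.0.0/12, depending on how Docker
    # publishes the port, and would then be allowed. Narrow to the actual
    # subnets where possible.
    access-control: 10.0.0.0/8 allow
    access-control: 172.16.0.0/12 allow
    access-control: 192.168.0.0/16 allow
    access-control: 127.0.0.0/8 allow

    # Performance tuning for high-volume lookups
    num-threads: 4
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8

    # Cache sizes (MB) - generous for domain crawling
    msg-cache-size: 128m
    rrset-cache-size: 256m
    key-cache-size: 32m
    neg-cache-size: 64m

    # Cache TTL settings
    # cache-min-ttl raises any shorter record TTL to 300 seconds, so such
    # records stay cached longer than their owner published.
    cache-min-ttl: 300
    cache-max-ttl: 86400
    cache-max-negative-ttl: 300

    # Prefetch popular entries before expiry
    prefetch: yes
    prefetch-key: yes

    # Serve stale data while refreshing
    # Expired answers may be served for up to 86400 seconds after expiry, so a
    # record that was changed or withdrawn upstream can still be returned.
    serve-expired: yes
    serve-expired-ttl: 86400

    # Connection handling
    so-reuseport: yes
    outgoing-range: 8192
    num-queries-per-thread: 4096

    # Logging (minimal for performance)
    verbosity: 1
    log-queries: no
    log-replies: no

    # Security
    # hide-identity / hide-version: refuse id.server and version.bind queries.
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    # NOTE(review): harden-dnssec-stripped only applies to zones under a trust
    # anchor, and this file sets none (trust-anchor, trust-anchor-file or
    # auto-trust-anchor-file). Unless an anchor is supplied elsewhere, no
    # DNSSEC validation takes place and prefetch-key and the key cache above
    # go unused.
    harden-dnssec-stripped: yes
    # 0x20 case randomisation of query names, applied to the forwarders too.
    use-caps-for-id: yes

    # NOTE(review): the forward-zone below authenticates its upstreams by TLS
    # certificate name, which needs a CA source. None is configured in this
    # file; confirm one is supplied, for example:
    # tls-cert-bundle: "<path to the CA bundle in this image>"

    # Permit sending queries to localhost addresses (the default, yes, refuses
    # them). This option does not control whether resolv.conf is read.
    # NOTE(review): no forward-addr below is on localhost, so this relaxation
    # looks unnecessary - confirm before keeping it.
    do-not-query-localhost: no

# Upstream DNS servers (forwarding mode for speed)
# All names (".") are forwarded over TLS to port 853. The name after '#' in
# each forward-addr is the name the upstream's certificate is checked against.
forward-zone:
    name: "."
    forward-tls-upstream: yes

    # Cloudflare DNS (fast, reliable)
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com

    # Google DNS (fallback)
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google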