ADD DNSDist(DoH DoT) service

roles/dnsdist/files/dnsdist.conf

@@ -0,0 +1,29 @@
+addACL('0.0.0.0/0')
+-- addACL('::/0')
+
+addLocal('0.0.0.0:53',{doTCP=true, reusePort=true, tcpFastOpenSize=0}) 
+addTLSLocal("0.0.0.0", "__SSL_CRT__", "__SSL_KEY__",{ doTCP=true, reusePort=true, tcpFastOpenSize=X })      
+-- path for certs and listen address for DoT ipv4 , by default listens on port 853. Set X(int) for tcp fast open queue size.
+-- addTLSLocal("[::]", "__SSL_CRT__", "__SSL_KEY__",{ doTCP=true, reusePort=true, tcpFastOpenSize=X })         
+-- path for certs and listen address for DoT ipv6 , by default listens on port 853. Set X(int) for tcp fast open queue size.
+
+
+
+addDOHLocal("0.0.0.0:443", "__SSL_CRT__", "__SSL_KEY__", "/", { doTCP=true, reusePort=true, tcpFastOpenSize=X })        
+addDOHLocal("[::]:443", "__SSL_CRT__", "__SSL_KEY__", "/", { doTCP=true, reusePort=true, tcpFastOpenSize=X })        
+-- path for certs and listen address for DoH. Set X(int) for tcp fast open queue size.
+
+addAction(MaxQPSIPRule(20), DropAction())    -- set X(int) number of queries to be allowed per second from a IP
+addAction(AndRule({QTypeRule(DNSQType.ANY), TCPRule(false)}), DropAction())  -- drop ANY queries sent over udp , not useful for DoT and DoH only servers.
+
+pc = newPacketCache(10000, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false}) 
+getPool(""):setCache(pc)              -- deafult cache
+setServerPolicy(leastOutstanding)       -- server policy to choose the downstream servers for recursion
+
+newServer({address="127.0.0.1:5335", name="unbound"})     -- downstream servers for recursion
+
+
+setMaxUDPOutstanding(65535)
+--setMaxTCPConnectionDuration(X)      -- set X(int) for tcp connection duaration from a connected client. X is number of seconds.
+setMaxTCPConnectionsPerClient(110)    -- set X(int) for number of tcp connections from a single client. Useful for rate limiting the concurrent connections.
+