30 lines
1.0 KiB
Plaintext
30 lines
1.0 KiB
Plaintext
# DNS logging. This log file will show the DNS requests geting forwarded to UNBOUND
|
|
#log_format dns '$remote_addr [$time_local] $protocol "$dns_qname"';
|
|
#access_log /var/log/nginx/dns-access.log dns;
|
|
|
|
# Include the NJS module. Get the file from https://github.com/TuxInvader/nginx-dns/tree/master/njs.d
|
|
#js_include /etc/nginx/njs.d/nginx_stream.js;
|
|
|
|
# The $dns_qname variable can be populated by preread calls, and can be used for DNS routing
|
|
#js_set $dns_qname dns_get_qname;
|
|
|
|
|
|
upstream dns {
|
|
zone dns 64k;
|
|
server 127.0.0.1:5445;
|
|
#server 127.0.0.1:53;
|
|
}
|
|
server {
|
|
#listen 853 http3;
|
|
listen 853 ssl; # managed by Certbot
|
|
ssl_certificate /etc/letsencrypt/live/dns.zzls.xyz/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/dns.zzls.xyz/privkey.pem; # managed by Certbot
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
ssl_handshake_timeout 10s;
|
|
ssl_session_cache shared:SSL:20m;
|
|
ssl_session_timeout 4h;
|
|
proxy_pass dns;
|
|
}
|