-- Default empty Knot DNS Resolver configuration in -*- lua -*-

net.listen('127.0.0.1', 53, { kind = 'dns' })
net.listen('192.168.100.1', 53, { kind = 'dns', freebind = true })
net.listen('192.168.104.1', 53, { kind = 'dns', freebind = true })

-- Switch to unprivileged user --
user('knot-resolver','knot-resolver')
-- Unprivileged
cache.size = 100 * MB

-- For tmpfs
-- cache.open(300 * MB, 'lmdb:///tmp/knot-resolver')

-- See https://gitlab.labs.nic.cz/knot/knot-resolver/issues/470
net.ipv6 = false

modules = {
        'hints > iterate',  -- Load /etc/hosts and allow custom root hints
        'stats',            -- Track internal statistics
        'predict',          -- Prefetch expiring/frequent records
}

-- minimum TTL = 2 minutes
cache.min_ttl(120)

dofile("/etc/knot-resolver/knot-aliases-alt.conf")

policy.add(
    policy.suffix(
        policy.STUB(
            {'127.0.0.4'}
        ),
        policy.todnames(blocked_hosts)
    )
)

-- Resolve OpenNIC, EMCDNS and Namecoin domains
policy.add(
    policy.suffix(
        policy.STUB(
            {'172.104.136.243', '176.126.70.119', '87.98.175.85', '193.183.98.66'}
        ),
        policy.todnames({'bbs.', 'chan.', 'cyb.', 'dyn.', 'geek.', 'gopher.',
                         'indy.', 'libre.', 'neo.', 'null.', 'o.', 'oss.', 'oz.',
                         'parody.', 'pirate.', 'free.', 'bazar.', 'coin.',
                         'emc.', 'lib.', 'fur.', 'bit.', 'ku.', 'te.', 'ti.', 'uu.'
                         }
        )
    )
)