25 lines
880 B
Plaintext
25 lines
880 B
Plaintext
# Enable logging
|
|
log-queries=extra
|
|
log-facility=/var/log/pihole/pihole.log
|
|
|
|
# Enable DNSSEC validation
|
|
dnssec
|
|
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
|
|
|
|
# Explicitly specify the local powerDNS recursor as forward destination for .ftl
|
|
# This ensures FTL knows that ftl. is a local zone for which no DNSSEC
|
|
# validation should be done. Otherwise, we'd get BOGUS for everything as the
|
|
# root servers would tell us that ftl. does not exist
|
|
server=/ftl/127.0.0.1#5555
|
|
|
|
# Send the HTTPS/SVCB queries to the authoritative server without detour over the
|
|
# recursor because the latter returns SEVFAIL (connection between authoritative
|
|
# server and recursor is not encrypted)
|
|
server=/https.ftl/127.0.0.1#5554
|
|
server=/svcb.ftl/127.0.0.1#5554
|
|
|
|
# Use local powerDNS recursor for everything else (DNSSEC enabled)
|
|
server=127.0.0.1#5555
|
|
|
|
no-resolv
|