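# Example CoreDNS setup for a fast local DNS cache with mixed upstream
# transports.
#
# The example below combines local DoT forward stubs with direct DoH over
# HTTP/2, DoH over HTTP/3, and DoQ upstreams in one fanout block. This keeps
# the four IP-address-based upstreams on TLS while still demonstrating mixed
# transport fanout.
#
# Prometheus metrics are always enabled.

. {
    # Loopback-only by default. If you bind a LAN address instead, the cache
    # answers every host that can reach it: restrict access with a firewall
    # rule or the acl plugin so it does not become an open resolver.
    bind 127.0.0.1 # Change to your LAN IPv4 address if clients on your network should use this cache.
    bind ::1 # Change to your LAN IPv6 address if needed.

    bufsize 1232
    local

    # Mixed fanout setup:
    # - four local DoT forward stubs for IP-address-based upstreams
    # - one DoH endpoint over HTTP/2
    # - one DoH endpoint over HTTP/3
    # - one DoQ endpoint
    #
    # Race mode returns quickly. In the intended behavior for this setup,
    # NXDOMAIN counts as a successful terminal DNS answer and should also end
    # the race early, while transport failures and other error responses may be
    # ignored briefly if a successful answer is still likely to arrive.
    #
    # Privacy: with weighted-random-server-count 4, each query is presumably
    # sent to four of the seven upstreams, so every lookup is visible to
    # several resolver operators. Lower the count if that matters.
    #
    # NOTE(review): the DoH and DoQ upstreams are given by hostname, so
    # something other than this cache has to resolve those names. Confirm how
    # the fanout build in use bootstraps them.
    fanout . 127.0.0.1:5301 127.0.0.1:5302 [::1]:5303 [::1]:5304 https://cloudflare-dns.com/dns-query h3://cloudflare-dns.com/dns-query quic://dns.adguard-dns.com {
        policy weighted-random
        weighted-random-server-count 4
        # One load factor per upstream, in the order listed above.
        weighted-random-load-factor 100 100 100 100 100 100 100
        worker-count 4
        race
        race-continue-on-error
        timeout 1500ms
    }

    cache {
        success 100000
        denial 20000
        prefetch 5 3600s
        # Expired entries may still be answered for up to 3600s, so a changed
        # or withdrawn record can linger for that long.
        serve_stale 3600s immediate
    }

    # Every query is logged with the client address ({remote}) and the name
    # asked for ({name}). Treat this log as sensitive and limit its retention.
    log . "{remote} - {class} {type} {name} EDNS-DO:{>do} RCODE:{rcode} FLAGS:{>rflags} {duration}" {
        class all
    }

    prometheus 127.0.0.1:9153
    errors

    # A bare `health` listens on :8080 on all interfaces, regardless of the
    # bind lines above. Pin it to loopback like the metrics endpoint; change
    # the address only if an external prober really needs to reach it.
    health 127.0.0.1:8080
    loop
}

# Local DoT stubs. Each listens on loopback only and forwards to one upstream
# IP address over TLS. tls_servername sets the name used for the TLS
# handshake with that upstream, so keep it matched to the address.

.:5301 {
    bind 127.0.0.1 ::1
    forward . tls://9.9.9.11 {
        tls_servername dns11.quad9.net
        health_check 10s
    }
}

.:5302 {
    bind 127.0.0.1 ::1
    forward . tls://1.1.1.1 {
        tls_servername one.one.one.one
        health_check 10s
    }
}

.:5303 {
    bind 127.0.0.1 ::1
    forward . tls://2620:fe::11 {
        tls_servername dns11.quad9.net
        health_check 10s
    }
}

.:5304 {
    bind 127.0.0.1 ::1
    forward . tls://2606:4700:4700::1111 {
        tls_servername one.one.one.one
        health_check 10s
    }
}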