65dcd9a9c5
* feat: resolve .numa services to LAN IP for remote clients Remote DNS clients (e.g. phones on same WiFi) received 127.0.0.1 for local .numa services, which is unreachable from their perspective. Now returns the host's LAN IP when the query originates from a non-loopback address. Also auto-widens proxy bind to 0.0.0.0 when DNS is already public, and adds a startup warning when the proxy remains localhost-only. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: respect proxy bind_addr config, don't auto-widen The auto-widen silently overrode an explicit config value — the user's config should be the source of truth. Now the proxy always uses the configured bind_addr, and the warning fires whenever it's 127.0.0.1. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: update proxy bind_addr comment in example config Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
91 lines
3.2 KiB
TOML
91 lines
3.2 KiB
TOML
[server]
|
|
bind_addr = "0.0.0.0:53"
|
|
api_port = 5380
|
|
# api_bind_addr = "127.0.0.1" # default; set to "0.0.0.0" for LAN dashboard access
|
|
|
|
# [upstream]
|
|
# mode = "forward" # "forward" (default) — relay to upstream
|
|
# # "recursive" — resolve from root hints (no address needed)
|
|
# address = "https://dns.quad9.net/dns-query" # DNS-over-HTTPS (encrypted)
|
|
# address = "https://cloudflare-dns.com/dns-query" # Cloudflare DoH
|
|
# address = "9.9.9.9" # plain UDP
|
|
# port = 53 # only for forward mode, plain UDP
|
|
# timeout_ms = 3000
|
|
# root_hints = [ # only used in recursive mode
|
|
# "198.41.0.4", # a.root-servers.net (Verisign)
|
|
# "199.9.14.201", # b.root-servers.net (USC-ISI)
|
|
# "192.33.4.12", # c.root-servers.net (Cogent)
|
|
# "199.7.91.13", # d.root-servers.net (UMD)
|
|
# "192.203.230.10", # e.root-servers.net (NASA)
|
|
# "192.5.5.241", # f.root-servers.net (ISC)
|
|
# "192.112.36.4", # g.root-servers.net (US DoD)
|
|
# "198.97.190.53", # h.root-servers.net (US Army)
|
|
# "192.36.148.17", # i.root-servers.net (Netnod)
|
|
# "192.58.128.30", # j.root-servers.net (Verisign)
|
|
# "193.0.14.129", # k.root-servers.net (RIPE NCC)
|
|
# "199.7.83.42", # l.root-servers.net (ICANN)
|
|
# "202.12.27.33", # m.root-servers.net (WIDE)
|
|
# ]
|
|
# prime_tlds = [ # TLDs to pre-warm on startup (recursive mode)
|
|
# "com", "net", "org", "info", # gTLDs
|
|
# "io", "dev", "app", "xyz", "me",
|
|
# "eu", "uk", "de", "fr", "nl", # EU + European ccTLDs
|
|
# "it", "es", "pl", "se", "no",
|
|
# "dk", "fi", "at", "be", "ie",
|
|
# "pt", "cz", "ro", "gr", "hu",
|
|
# "bg", "hr", "sk", "si", "lt",
|
|
# "lv", "ee", "ch", "is",
|
|
# "co", "br", "au", "ca", "jp", # other major ccTLDs
|
|
# ]
|
|
|
|
# [blocking]
|
|
# enabled = true # set to false to disable ad blocking
|
|
# refresh_hours = 24
|
|
# lists = ["https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/hosts/pro.txt"]
|
|
# allowlist = ["example.com"] # domains to never block
|
|
|
|
[cache]
|
|
max_entries = 10000
|
|
min_ttl = 60
|
|
max_ttl = 86400
|
|
|
|
[proxy]
|
|
enabled = true
|
|
port = 80
|
|
tls_port = 443
|
|
tld = "numa"
|
|
# bind_addr = "127.0.0.1" # default; set to "0.0.0.0" for LAN access to .numa services
|
|
|
|
# Pre-configured services (numa.numa is always added automatically)
|
|
# [[services]]
|
|
# name = "frontend"
|
|
# target_port = 5173
|
|
#
|
|
# [[services]]
|
|
# name = "api"
|
|
# target_port = 8000
|
|
|
|
# Example zone records:
|
|
# [[zones]]
|
|
# domain = "dimescu.ro"
|
|
# record_type = "A"
|
|
# value = "3.120.139.105"
|
|
# ttl = 30
|
|
|
|
# [[zones]]
|
|
# domain = "test.local"
|
|
# record_type = "A"
|
|
# value = "127.0.0.1"
|
|
# ttl = 60
|
|
|
|
# DNSSEC signature validation (requires mode = "recursive")
|
|
# [dnssec]
|
|
# enabled = false # opt-in: verify chain of trust from root KSK
|
|
# strict = false # true = SERVFAIL on bogus signatures
|
|
|
|
# LAN service discovery via mDNS (disabled by default — no network traffic unless enabled)
|
|
# [lan]
|
|
# enabled = true # discover other Numa instances via mDNS (_numa._tcp.local)
|
|
# broadcast_interval_secs = 30
|
|
# peer_timeout_secs = 90
|