# This next block has no zone, therefore it is the _global_ block, which defines properties for the entire
# atomdns process. This handler block is documented in atomdns-global(7).
{
    # log configures the (global) logging. Each handler can decide to log or not, but what is logged and
    # how is mostly determined here.
    log {
        debug # Enable debug logging.
        #json # Enable for JSON log output.
        #disable # Start without logging and wait for SIGUSR1 to enable query logging.
    }
    health # Enable the health endpoint.
    metrics # Enable prometheus metrics.
    root handlers # Set the root directory to $PWD/handlers

    # if you want to profile the atomdns instance, enable the next line.
    #pprof atomdns.prof

    # dns configures the DNS listener that does plain old DNS.
    dns {
        addr [::]:1053 # Listen on all interfaces and port 1053.
        # limits is used to set limits on the listener.
        limits {
            tcp -1 # Never sever a TCP connection.
            run numcpu()*3 # Run this many servers that all listen on the same port (re-use port).
        }
    }
    # doh configures the DNS over HTTP listener.
    doh {
        addr [::]:1443 # Listen on all interfaces and port 1443.
        limits {
            run numcpu()*1 # Run only a single server per CPU.
            inflight 100 # Allow only 100 inflight requests to stop the server from being overwhelmed.
        }
    }
    # dot configures the DNS over TLS listener.
    dot {
        addr [::]:8053 # Listen on all interfaces and port 8053.
        limits {
            run 1 # Run a single server.
            inflight 200 # Allow only 200 in-flight requests to stop the server from being overwhelmed.
        }
    }
    # dou configures the DNS over Unix domain sockets listener.
    dou {
        addr ~/dns.sock # Here we use ~ to refer to our home directory.
    }
    # tls configures how atomdns sets up TLS for doh and dot. In this case it's manual, with the
    # certificates being placed on the local disk. Note that the `root` directive is applied here, so
    # the certs can be found in handlers/global/testdata/... . The pair below is test data (see the
    # path); use your own certificate and key outside of testing.
    tls manual {
        cert global/testdata/test_cert.pem global/testdata/test_key.pem
    }
}

# This configures the first zone and the handlers to run for that zone. The 10.0.0.0/24 syntax is
# automatically converted into the correct in-addr.arpa zone(s).
10.0.0.0/24 {
    log # Log each query, see atomdns-log(7).
    whoami # See atomdns-whoami(7).
}

# Configure to be authoritative for example.org.
example.org {
    id # Add a request ID, see atomdns-id(7).
    log # Log, see atomdns-log(7).
    # yes is an older handler that has since been removed; the setup skips such handlers automatically.
    yes {
        CAA stuff
    }
    # kill 50s # Kill the server after 50 seconds, see atomdns-kill(7).
    dbfile dbfile/zone/testdata/db.example.org { # Configure a zone from a file on disk, see atomdns-dbfile(7).
        transfer # Allow transfers to everywhere, i.e. any client may retrieve the complete zone.
    }
}

# Configure to be authoritative for miek.nl.
miek.nl {
    log # Log, as above.
    metrics # Metrics are enabled globally; for this zone they should actually be gathered and exported.
    # Sign the db.miek.nl zone with the keys specified. This doesn't do anything else. The next handler...
    sign sign/testdata/db.miek.nl {
        key sign/testdata/Kmiek.nl.+013+59725
        zonemd
    }
    # ... will pick up the signed zone file and serve it.
    dbfile sign/testdata/db.miek.nl.signed
}

# Configure zones for CH class queries, so the server returns some information about its own identity.
version.server authors.server id.server {
    log
    chaos { # Chaos, see atomdns-chaos(7)
        authors {
            miek@miek.nl
        }
    }
}
