The filter plugins enables blocking requests based on predefined lists and rules, creating a DNS sinkhole similar to Pi-Hole or AdGuard.
- Regex and simple string matching support.
- Inspection of CNAME, SVCB and HTTPS records detects and blocks cloaking.
- Block replies are fully cacheable by the cache plugin.
filter {
allow FILE
block FILE
uncloak
ttl DURATION
}
allowload FILE to the whitelist.blockload FILE to the blacklist.uncloakenables response uncloaking, disabled by default.ttlsets TTL for blocked responses, default is 3600s.
If monitoring is enabled (via the prometheus plugin) then the following metric are exported:
coredns_filter_blocked_requests_total{server}- count per server
.:53 {
filter {
allow /lists/allowlist.txt
block /lists/denylist.txt
uncloak
ttl 600
}
forward . tls://1.1.1.1 tls://1.0.0.1 {
tls_servername cloudflare-dns.com
}
}
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=64&v=4){kind=small}