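# Install CoreDNS as a local DNS server that answers names found in a hosts
# blocklist and forwards everything else over DNS-over-TLS to dns.google.
# All steps below need root and are meant to be run in order.

# Download CoreDNS from GitHub
# https://github.com/coredns/coredns/releases/latest
# NOTE(review): the URL below pins v1.6.6; check the link above and prefer the
# current release so that upstream fixes are included.
wget https://github.com/coredns/coredns/releases/download/v1.6.6/coredns_1.6.6_linux_amd64.tgz -O coredns.tgz
# This binary will run as the system resolver, so compare the printed digest
# with the checksum published for this asset on the release page before
# unpacking it.
sha256sum coredns.tgz
tar -xvzf coredns.tgz
rm coredns.tgz

# Download the hosts list
# NOTE(review): this tracks the moving master branch of a third-party repo.
# The hosts plugin answers with whatever address the file gives, so the file
# can redirect a name as well as block it. Pin a reviewed commit if possible.
wget https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -O blockads.hosts
# Review aid: show every entry that does not point at 0.0.0.0. Only a few
# localhost/broadcast lines are expected; anything else deserves a look.
grep -vE '^(#|$|0\.0\.0\.0[[:space:]])' blockads.hosts

# Create CoreDNS configuration file
# (written with a heredoc instead of an interactive `vi Corefile`)
# NOTE(review): ".:53" listens on every interface. If only this host should
# use the resolver, restrict it with the `bind` plugin or a firewall rule so
# the machine does not become an open resolver.
# ---------- Corefile ----------
cat > Corefile <<'EOF'
.:53 {
    forward . tls://8.8.8.8 tls://8.8.4.4 {
        tls_servername dns.google
    }
    hosts blockads.hosts {
        fallthrough
    }
}
EOF
# ------------------------------

# Disable systemd-resolved, which is active by default
# From here until CoreDNS is started, name resolution on this host may not
# work; all downloads are already done above.
systemctl stop systemd-resolved
systemctl disable systemd-resolved  # Prevent it from starting at boot
# Add the following line to /etc/systemd/resolved.conf (under [Resolve])
#   DNSStubListener=no

# Update the network interfaces configuration to use 127.0.0.1 as dns server
# The interface name and MAC address below are examples; keep the values
# already present in the file and only add the nameservers entry.
# The change takes effect after `netplan apply` or a reboot.
vi /etc/netplan/50-cloud-init.yaml
# ------------------------------
# network:
#   version: 2
#   ethernets:
#     ens3:
#       dhcp4: true
#       match:
#         macaddress: AA:BB:CC:DD:EE:FF
#       set-name: ens3
#       nameservers:
#         addresses: [127.0.0.1]
# ------------------------------

# Deploy CoreDNS
# See https://github.com/coredns/deployment
# See https://akai-tsuki.hatenablog.com/entry/2018/08/19/000000

# Add coredns user (no login shell; the service runs under this account)
useradd coredns -s /sbin/nologin -c 'coredns user'

# Create the systemd service configuration file
# The unit runs as the unprivileged coredns user; the only capability it
# keeps is CAP_NET_BIND_SERVICE, which it needs to bind port 53.
# The quoted heredoc delimiter keeps $MAINPID literal for systemd.
# ------------------------------
cat > /etc/systemd/system/coredns.service <<'EOF'
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target

[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=/etc/coredns
ExecStart=/usr/bin/coredns -conf=Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
# ------------------------------

mkdir -p /etc/coredns
mv coredns /usr/bin/
mv Corefile /etc/coredns/
mv blockads.hosts /etc/coredns/
# tar run as root may keep the owner recorded in the archive; make sure the
# binary and its configuration belong to root so the coredns service account
# (or any other uid) cannot modify them.
chown root:root /usr/bin/coredns
chown -R root:root /etc/coredns
chmod 755 /usr/bin/coredns
chmod 644 /etc/coredns/*

# Check status
systemctl daemon-reload  # make systemd read the new unit file
systemctl start coredns
systemctl is-active coredns
systemctl enable coredns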